Tag Archive for: Proper

Prevent Ransomware with Proper Policy Hygiene


Ransomware attacks typically begin with phishing, stolen credentials, or exploitation of unpatched vulnerabilities. Once the bad actor is in, they rummage around looking for access to the prize: a hub of data they can hold hostage. Maintaining good policy hygiene and access control is paramount in preventing and stopping the bad guys before they get to your data.

Remember the Target hack back in 2013? Hackers stole credentials from an HVAC contractor, gained access to the network, pinged around, found the PCI network and injected malware into point of sale devices at every Target in America. Overly permissive access to the network made this possible. Having a clean set of firewall policies and a segmented network would have prevented the bad actor from ever gaining access past what the original victim, the HVAC contractor, required.


Access within an organization should be limited to just what is necessary to meet the needs of the business: nothing more, nothing less. This is good policy hygiene. Unnecessary complexity, caused by things like duplicate, redundant, and shadow rules, increases the probability of misconfigurations, human error, and risk. Bad actors rely on humans to make these mistakes, creating paths to use as attack vectors, and they are often not disappointed.

Unnecessary complexity is often a byproduct of day-to-day operations. A port is opened for RDP (remote desktop protocol) for troubleshooting, but is never closed. Access is granted for temporary communication between devices, but is left open as meetings and other priorities fill the day. A rule is created for a resource and not removed once it is decommissioned. The scenarios are endless but the results are the same: rules are created, then forgotten, resulting in policy clutter that causes inadvertent access and exposes security gaps for cyber criminals to leverage. When working with thousands of policies among hundreds of devices and platforms, it is nearly impossible to properly manage these policies manually.

FireMon provides a solution to this problem. By centralizing all of your security policy enforcement data into a single pane, a rule repository, FireMon allows you to manage policies across all of…


Prevent DDoS Attacks with Proper Cybersecurity


You may have heard the term “DDoS attack” mentioned in online circles, especially when talking about website security, but what is it exactly? A DDoS, or distributed denial-of-service, attack is an attempt by a cybercriminal to flood a server with traffic to overwhelm its infrastructure. This causes a site to slow to a crawl or even crash so legitimate traffic won’t be able to reach the site. This type of attack can do a lot of damage to your online business.

These cyberattacks can run a wide range of purposes, from annoyance and “hacktivism” to massive loss of business. What makes these unique compared to other forms of hacking is the motivation. While other forms of malware, like ransomware and scareware, are attempts to siphon money from a victim, DDoS attacks are purely designed for chaos and disruption.


The amount of downtime and damage they can cause is why they are talked about so often. Hackers employ DDoS attacks regularly, and you need to be on the lookout for them so they do not impact you too severely.

How Does a DDoS Attack Work?

Most DDoS attacks are carried out with botnets – groups of compromised computers all acting together. These computers all attempt to access a website simultaneously, overwhelming the server and bringing it down.

How do they get these botnets? By hijacking other machines. Often, a hacker will use malware or take advantage of an unpatched vulnerability on someone else’s server to gain access to it via Command and Control (C2) software. By leveraging these exploits, hackers are able to amass large numbers of computers in a relatively cheap and easy way, which they can then deploy for their own nefarious purposes.

Once they have control over enough machines, the hackers can then issue a command to the entire botnet, which then attempts to access the target server. When too many computers are trying to access a server all at once, service outages are common. The end result is an interruption in service and lost productivity.

This can be anything from a childish prank to revenge against a business. And while it sounds harmless at first, it’s important to know that the average cost of a DDoS attack to even small business operations can be as…


Prioritizing a Proper Response to the Colonial Pipeline Hack


The best way to get the American public’s attention is to hit them in their wallets, especially if it happens at the gas pump. Still, inviting the ire of the entire East Coast and commanding headlines of major news publications for a week was certainly not what the DarkSide ransomware group had in mind when they targeted Colonial Pipeline’s IT infrastructure. On May 7th, DarkSide launched a ransomware attack against Colonial Pipeline, resulting in a shutdown of their entire operation and an eventual ransom payment of $5 million.

While most Americans were wrapped up in the more sensational parts of the story—plastic bags filled with gas or the mysterious perpetrator and any possible ties they may have to the Russian government—there is a more serious underlying issue that is garnering less attention. It seems that the most powerful nation in the history of the world has a major issue with cyber threats, and despite some promising solutions that are being implemented as a result of this recent hack, there is still a prioritization issue and an ongoing ignorance about the proper path forward.

Ironically, not many people know what good cyber security hygiene looks like despite spending most of their days within the cyber world. Part of that can be explained away by the novelty of this new way of living where we are permanently connected, but the amount of time left to use that excuse is running out. Americans are soon going to wake up to find that all their personal data is littered throughout the world’s computer infrastructure, just waiting for a crafty hacker to steal.

Thankfully, the blinders are starting to lift, ever so slightly, as drivers are confronted with the price to fill up—if they can find gas at all.

Out of service gas pump.

CALCULATE THE RISK, THEN ASSUME BREACH

Businesses are not ignorant of the dangers that they face, especially after the high-profile cyber attacks targeting SolarWinds’ software and Microsoft Exchange servers. The…


Florida water hack highlights risks of remote access work without proper security


Cybersecurity experts have long warned that insecure remote work software is a major source of weakness for hacking.

© Pinellas County Sheriff’s Office via AP
Pinellas County Sheriff Bob Gualtieri addresses the hack of the Oldsmar, Florida, water facility’s control systems through remote access software.

The issue was brought into stark relief on February 5, when hackers gained access to a Florida water treatment facility through dormant remote access software and then tried to poison the water supply. The hack was quickly caught by a human operator at the facility, but the incident highlights a potential economy-wide problem as the Covid-19 pandemic has pushed millions of workers to work from home.

“The problem is not the fact that remote software existed. I think the problem is that an adversary got hold of the credentials such that the adversary was able to access it,” said Damon Small, Technical Director of Security Consulting at NCC Group North America.

“What it underscores, speaking as an information security professional, is the need for strong authentication when critical infrastructures are going to use these sorts of remote access systems.”

As CNN has reported, the treatment plant had used multiple computers running an aging version of Microsoft Windows to monitor the facility remotely. All of the computers shared a single password to access an apparently disused version of the plant’s remote management software.

According to Pinellas County Sheriff Bob Gualtieri and a Massachusetts government advisory to public water suppliers, the hackers gained access to the water facility’s control systems through remote access software known as TeamViewer.

Martina Dier, a spokesperson for TeamViewer, said an investigation found no evidence of suspicious activity on its platform.

Why remote work can lead to hacks

The rise of remote work has provided flexibility for people to work without risking large gatherings of coworkers. But it has also left workers more vulnerable to targeted attacks. And, in some cases, it has put previously secured work functions online, accessible to anyone with the right credentials.

Eric Cole, a former CIA cybersecurity expert and author of…
