By Dom Chorafakis, CISSP
June 21, 2017
The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.
With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found a new revenue stream in cryptomining. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. Two aspects of this are important to take into account from a security perspective: website compromises and malvertising.
Hackers attempt to install cryptomining software on victims’ computers by planting malicious code on websites they are able to compromise. Web servers have always been exposed to attackers by their very nature, but the potential for profit from illicit cryptomining makes them more attractive targets than ever before. System administrators need to ensure that servers are adequately protected: the operating system and software are kept up to date, accounts are secure and use strong passwords, endpoint security mechanisms such as anti-virus are installed, servers are protected using Intrusion Prevention technology, and measures are in place to detect and prevent unauthorised content changes.
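One way to put the last of those measures into practice is a file-integrity check over the web root: record a baseline of hashes while the content is known good, store it away from the server, and compare periodically so that an injected script, a dropped file or a deleted asset shows up as a specific alert. The example below is added here to illustrate that and is not code from the original article; the directory layout, file contents and the simulated change are all constructed for the demonstration.

```python
"""Added example (not from the original article): a minimal file-integrity
check for a web root, one way to implement the "detect unauthorised content
changes" measure listed for web servers. The directory, files and simulated
change below are constructed for the demonstration."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path -> SHA-256)."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences so an alert says what happened, not just 'something changed'."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate a page being altered,
    a file being dropped and an asset being removed, and report what is found."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "htdocs"
        (root / "css").mkdir(parents=True)
        (root / "index.html").write_text("<html><body>Hello</body></html>")
        (root / "css" / "site.css").write_text("body { margin: 0 }")

        # In practice the baseline is written somewhere the web server cannot modify.
        baseline_file = Path(d) / "baseline.json"
        baseline_file.write_text(json.dumps(build_baseline(root)))

        # Simulated unauthorised change: page edited, new file appears, stylesheet deleted.
        (root / "index.html").write_text("<html><body>Hello<!-- constructed change --></body></html>")
        (root / "extra.js").write_text("// constructed placeholder file")
        (root / "css" / "site.css").unlink()

        stored = json.loads(baseline_file.read_text())
        return compare(stored, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on a schedule (and from a host other than the web server where possible), a report like this is what feeds the "detect" side of the strategy described later in the article; it does not prevent a change, but it makes one visible quickly.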
In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate and directing users to them with fake online ads displayed on popular websites, a practice known as malvertising. The practice is not new, but a significant spike in cryptojacking-related malvertising was recently observed by a network of Intrusion Prevention systems, as reported here.
People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their operating system and all the software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor, and use an ad-blocker to block online ads.
While there has been a significant increase in these newer threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email-based attacks are still the most common method hackers use to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools for minimising risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.
The long game
Staying up to date with the latest threats and cyberattacks is important, but it is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a one-time activity; it needs to be an ongoing process that is actively managed and updated to reflect changes to your information, its ecosystem and the evolving threats. A good strategy includes the following five elements.
1. Identify your assets
It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.
2. Identify threats and risks
Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different from the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.
3. Apply security controls
Once you have identified and prioritized assets and threats, it is time to select and deploy the safeguards needed to protect your organization. This may seem daunting, but remember that you don’t need to solve everything at once: you can start by addressing the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permit.
4. Detect and Respond
Despite best efforts, breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area, ranging from technical solutions such as managed security services and Intrusion Prevention to policies and procedures such as having a formal Incident Response Plan.
5. Review and adjust
Lastly, it is important to keep in mind that a cyber security strategy is not static; it needs to be reviewed and adjusted to make sure it stays up to date and your important assets remain protected. How often it needs to be reviewed depends on many factors, including the threat level, the sensitivity of the information, and legal and regulatory requirements. At a minimum, the strategy should be reviewed once a year, after every significant IT change, and after every security incident.
Where to go from here
There are many free resources that can help individuals and businesses with cyber security. In Canada the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.