Cybersecurity Essentials

By Dom Chorafakis, CISSP

June 21, 2017

The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.

Cryptojacking

With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found a new revenue stream in cryptomining. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. Two aspects of this are important to take into account from a security perspective: website compromises and malvertising.

Hackers attempt to install cryptomining software on victims’ computers by planting malicious code on websites they are able to compromise. Web servers have always been exposed to hackers by their very nature, but the potential for profit from illicit cryptomining makes them more attractive targets than ever before. System administrators need to ensure that servers are adequately protected: the operating system and software are kept up to date, accounts are secure and use strong passwords, endpoint security mechanisms such as anti-virus are installed, servers are protected by Intrusion Prevention technology, and measures are in place to detect and prevent unauthorised content changes.

Malvertising

In addition to compromising legitimate websites, hackers create fraudulent sites that look legitimate and direct users to them through fake online ads displayed on popular websites, a practice known as malvertising. The practice is not new, but a significant spike in cryptojacking-related malvertising was recently observed by a network of Intrusion Prevention systems, as reported here.

People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their operating system and all the software they use up to date, make sure good anti-virus is installed and up to date, use the safe-browsing plugins from their anti-virus vendor, and use an ad-blocker to block online ads.

Email compromise

While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email-based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools for minimising risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.

The long game

Staying up to date with the latest threats and cyberattacks is important, but it is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a one-time activity; it needs to be an ongoing process that is actively managed and updated to reflect changes to your information, its ecosystem and the evolving threats. A good strategy includes the following five elements.

1. Identify your assets

It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.

2. Identify threats and risks

Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different than the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.

3. Apply security controls

Once you have identified and prioritised assets and threats, it is time to select and deploy the safeguards needed to protect your organisation. This may seem daunting, but remember that you don’t need to solve everything at once: start by addressing the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permit.

4. Detect and Respond

Despite best efforts, breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area, ranging from technical solutions such as managed security services and Intrusion Prevention to policies and procedures such as having a formal Incident Response Plan.

5. Review and adjust

Lastly, keep in mind that a cyber security strategy is not static; it needs to be reviewed and adjusted to make sure it stays up to date and your important assets remain protected. How often it needs to be reviewed depends on many factors, including the threat level, the sensitivity of the information, and legal and regulatory requirements. At a minimum, the strategy should be reviewed once a year, after every significant IT change, and after every security incident.

Where to go from here

There are many free resources that can help individuals and businesses with cyber security. In Canada the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.
