A ransomware attack made national headlines more than a year ago. On May 7, 2021, the Colonial Pipeline Company revealed that the DarkSide Ransomware-as-a-Service gang based in Eastern Europe had attacked it. DarkSide, which has since been shut down, has been identified as the threat actor by the FBI. What has changed in US cyber policy since then, including in the context of Russia’s attack on Ukraine?

It is vital to emphasize that the attack had an impact on the IT side of the organization. As a precaution, the business shut down the pipeline’s operational technology (OT) side. The Colonial Pipeline connects Texas and New York and can transport up to 3 million barrels of fuel per day. The five-day shutdown knocked off about half of the East Coast’s typical supply of gasoline and aviation fuel. As a result, gas prices increased, creating gas shortages, panic buying, and long queues at gas stations.

It also startled the worlds of national security and law enforcement. Both were reminded that the nation’s key infrastructure was vulnerable to assault.

Colonial Pipeline paid a ransom of $4.5 million to repair its damaged systems. Because the DarkSide recovery capabilities were so slow, the organization largely relied on its business continuity tools instead.

Following the Attack

Following the strike, negotiations between the US and Russia commenced. The Russian Federal Security Service apprehended a suspect in the incident. (Any collaboration in this area ceased following Russia’s invasion of Ukraine in February.) Meanwhile, the U.S. The State Department is still offering a reward of up to $10 million for the identification or location of any DarkSide commander.

Colonial Pipeline now faces a $1 million penalty for operational shortcomings and managerial failings that led up to the attack. The most serious alleged failing was improper planning for the pipeline’s shutdown and reactivation.

The incident also increased political pressure on the administration to pass new laws. Pipeline operators and other critical infrastructure corporations are subject to new cybersecurity rules.

New Pipeline Directives in the United States

The Transportation Security Administration issued two important obligatory directives to all pipeline operators in the United States about cybersecurity and transparency.

On April 20, the federal Cybersecurity and Infrastructure Security Agency said that they are expanding its Joint Cyber Defense Collaborative advisory board, which was founded in August 2021, to include experts in industrial control systems. In reaction to the increased risk posed by the Russia-Ukraine conflict, they also produced a document containing specific Russia-sponsored threats to IT and OT systems.

Takeaways for Businesses

DarkSide hackers used an old password to gain access to Colonial’s IT networks over a VPN in the absence of multi-factor verification. The effectiveness of this modest attack indicates five factors that should be bear in mind today:

1. All passwords must expire. Businesses require good password management in general, and password sunsetting in particular. Adding new, strong passwords isn’t enough.
2. Passwords aren’t a good idea. Using passwords for security is depending on humans. As a result, you are vulnerable to human mistakes, insider attacks, and social engineering. The sooner we can get away from passwords, the better.
3. Multi-factor authentication is a must. Any single-factor authentication technique is a virtual open door for cyber attackers.
4. Know your air gaps. Where are the (if any) air gaps between IT and OT systems? Understand how your network is segmented.
5. Zero trust work. Perimeter security is no longer necessary. Getting within the perimeter, whether via a virtual private network or another method, exposes the system to significant risk. This assault would have been prevented with strong zero trust. Even if an attacker managed to circumvent user authentication methods, they would be unable to further access the device and software.

The bottom line from the Colonial Pipeline attack is that the part of the business that was attacked and the part of the business that was affected is not always connected. The attack’s skill and effect aren’t either.

Yes, embrace high-tech tools, AI, and other cutting-edge solutions. But don’t forget about the fundamentals and the architecture. Prepare a backup plan for the measures you’ll do if an attack occurs. That way, whatever the future holds, you’ll have more options than a complete shutdown.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

The response to Goldman Sachs’ return to the office (RTO) directive was less than expected. In fact, according to Fortune, just roughly half of the company’s employees turned up. Employees have a solid foundation to stand on in today’s tight labor market, with many businesses permitting remote work. How do you keep a workforce that isn’t always willing to comply with your demands?

Employee compliance with cybersecurity measures has long been an essential aspect of cyber protection. On the other hand, employees usually fail to comply on purpose or make mistakes. According to the 2022 X-Force Threat Intelligence Index, phishing is the most common way hackers obtain network access. In 2021, phishing accounted for 40% of all attacks remediated by X-Force. Organizations must prioritize maintaining always-on security solutions that do not rely on cyber awareness and security edicts.

Regardless of Compliance, Zero Trust Protects

Organizations that have adopted the Zero Trust framework. Instead of focusing on employee compliance, this secures them with an always-on strategy. According to the 2021 Cyber Resilient Organization research, 35% of respondents have implemented this strategy. 65% of those polled agreed that zero trust security improves cyber resilience. Additionally, 63% of those organizations said a zero trust approach is substantial or moderate. Their main reason? The strategy increased operating efficiency.

Zero trust is not a single technology or procedure. On the other hand, the zero trust method is a framework that businesses use to deploy various strategies and technologies.

Other tactics concentrate on securing the perimeter and preventing an attack. Employers expect their employees to follow procedures and practice good cyber hygiene. You can’t rely on such ways of network security if your workforce is non-compliant.

Why Zero Trust Works for Remote Workers

Here are three common zero-trust elements that apply to remote workers:

• Principle of least privilege: You may minimize risks from both outsiders and insiders by giving staff the least amount of access necessary to execute their tasks. When applied to domain controllers and domain admin accounts, the principle of least privilege is most successful in reducing the danger of ransomware. Remote workers have additional flexibility and can add endpoints. So, limiting connections and user exposure decreases the severity and risk of an attack.
• Microsegmentation: This method divides the network into extremely small segments known as microsegments. It only gives users access to the areas that they require for commercial purposes. If there is a breach or an attacker steals an employee’s credentials, the damage is limited to the small parts affected. Analyze your data flows and infrastructure to identify workload segments if you wish to transition to zero trust.
• Multi-factor authentication (MFA): MFA makes it more difficult for cybercriminals to pretend as authorized users, whether employees access networks remotely or in-house. Users must utilize more than one piece of proof to prove their identity while using MFA. For example, a user may be required to input a password followed by a code delivered to them through an SMS text message.

Zero Trust Protects Remote Workers

Employees at Goldman Sachs who refuse to return to work are just one example of workers resisting RTO directives. Many employees who have worked remotely over the past two years wish to continue doing so. According to a recent Pew Research Report, 60% of workers with professions that can be performed remotely would like to work from home all or most of the time, up from 54% in 2020.

Additionally, many employees claim that the flexibility to work remotely influences their decision to stay with their employer. According to ADP People at Work: A Global Workforce View, 64% of the global workforce has or would consider looking for a new job if their current position demanded full-time office work. This is a challenge that even large corporations encounter. Apple staff recently made headlines by threatening to resign if the present hybrid strategy of having employees be in the office Tuesday through Thursday is maintained.

Because of the high number of remote workers, there is no longer a perimeter to defend. With a remote or hybrid workforce, organizations are discovering that zero trust delivers better protection. More endpoints and chances to acquire a company’s data result from remote workers, which broadens the assault area. To overcome this, zero trust focuses on device and user access rather than the perimeter. The framework can help to decrease risks and ensure that only authorized people and devices have access to the network, apps, and data.

Creating an Always-On Cybersecurity Process

As remote and hybrid work becomes more prevalent, businesses must constantly adapt their cybersecurity practices to reflect how employees operate. Organizations that now need full-time office hours, or even hybrid work schedules, should consider long-term security consequences to avoid losing valuable personnel to companies that offer more flexible work arrangements.

Organizations can be better prepared for future workforce changes and continuing remote work by starting the zero trust process now. Zero trust enables enterprises to reduce their reliance on compliance while also preparing themselves for security.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

The cybersecurity industry is now facing numerous issues. Highly trained attackers, a daily flow of useless data, and false alarms across various systems arrive in a severe lack of experienced labor. In this industry, undertaking extensive threat analysis with existing data will assist secure your company.

Threat analysts are required for this. These are security specialists who work as part of a team to discover and assess security concerns. They have exceptional technical, analytical, and communication abilities. They frequently carry out specialized investigations and produce high-level technical reports. The threat analyst is a highly trained professional that necessitates a great deal of focus and dedication to continuous learning and progress.

What Is Threat Analysis?

Threat analysis entails far more than just coding. It necessitates a thorough understanding of how people think and function. After all, our culture, economy, and key infrastructure have all become more reliant on IT solutions. As our reliance on technology grows, cyberattacks become more appealing and potentially more dangerous.

Threat analysis is becoming important in the field of cybersecurity. Analysts and security engineers cannot focus their efforts until they do threat analysis on active and potential threats.

Threat analysts are crucial in terms of saving time and money. Threat analysts may achieve amazing things when it comes to cybersecurity problems by taking both preventive and reactive methods. A reactive approach, on the other hand, invites risk.

How Threat Analysis Works

Knowledge is power when it comes to threat assessments. Threat analysts use this authority to assist security operations center teams in defending themselves. They provide a strategic advantage against threats by organizing, interpreting, and sharing information around them.

A threat analyst can spot cyber dangers and malware that are affecting a business. They investigate the level of threat and assist organizations in making the necessary cyber security-based business decisions. Threat analysts prioritize threats and concentrate on the most dangerous ones. It is founded on the idea that if you know more about your own system’s flaws than the attacker, you would be able to protect it better.

Threat analysts connect the dots by providing information on indicators of compromise as well as threat actors’ tactics, methods, and procedures (TTP). The context offered aids decision-makers in understanding the threats.

Threat analysts are in high demand. Businesses appreciate the importance of understanding and responding to the massive amount of threats that attack them. Threat analysts apply their talents daily to prevent data breaches, ransomware attacks, and other events. According to a new study, corporations and government agencies who use threat analysts save money.

Key Duties of Threat Analysts

Threat analysts are responsible for the following tasks:

• Know what the attacker wants: Attackers typically attempt to interrupt, modify, and exfiltrate data from endpoint systems. Understand what the attackers are attempting to accomplish. Understand their aims, as well as the potential consequences and scope of the attack.
• Document each threat: Each TTP in the attack chain should be documented. This allows you to comprehend the attackers’ general motivation and correlate all of the current parameters.
• Prioritize threat: Determine the most distinct and severe parameters to isolate the attack. Concentrate the analysis to reduce the impact.

A threat analyst can also tell a good story. It takes skill to write a complete threat report with the most important and exact facts. This report assists leaders in making the correct decision at the appropriate time.

Threat analysts have access to the most recent threat data. This information makes it easier to forecast, analyze, and respond to them.

The average cost of cybercrime has risen dramatically in recent years. The average number of data breaches is likewise constantly increasing. Threat analysis saves money by assisting in the prevention of breaches.

A Challenging, Rewarding Career

Threat analysts are in high demand. The majority of businesses regard threat analysis as a key security concern. According to one analyst firm, organizations will soon devote a significant portion of their security spending to threat analysis.

If you enjoy research and want to help secure the future, the threat analyst profession may be for you.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

In his poem “To a Mouse,” Scottish poet Robert Burns stated, “The best-laid schemes of mice and men.” “Gang aft a-gley.” You may be more familiar with the phrase “The best-laid schemes of mice and men sometimes go astray.”

This proverb may ring true for incident responders, business continuity planners, and crisis management. They are fully aware that all strategies may be rendered ineffective once the first shot is fired. However, as former President Dwight D. Eisenhower stated, “in planning for battle, I have always found that plans are useless, but planning is indispensable.” To be prepared, begin by determining which business practices and processes can impact response and then create a governance structure that supports a resilient organization.

Knowing how your company practices might help or hinder your cybersecurity response should be part of your preparation. Incident response strategies alone are insufficient. Planners and responders must get insights into how their company operates as a whole. This helps planners to identify areas, such as behaviors and processes, that may have cascading implications during an emergency response.

Consider this planning to be a form of systems design technique, similar to the NIST 800-160 principles, but from the standpoint of a business process.

Or, to put it another way, what good is a comprehensive incident response mechanism if business practices tax it, reduce its effectiveness, or prohibit it from working? Your cybersecurity response may be excellent on paper, and maybe even in isolation. In practice, it is just another process that might fail while operating alongside the rest of the business.

Is Your Program Appropriate for Your Requirements?

An incident response program must be adaptable while yet being structured. Otherwise, decision authority, escalation mechanisms, and disconnected communications become the Wild West.

Centralized control is rarely appropriate unless the organization is tiny. The centralized method might be delayed (because of communication breakdowns) and ‘too far away from the situation to make appropriate choices.

You want to harmonize instead. Consider this a program constitution that defines lanes and collaboration. Models that do not agree might result in a poor response.

Here are several frequent harmonizing stumbling blocks:

• Policy and practice are not in sync.
• Planning needs are incompatible with organizational structure.
• Roles and duties are not clearly defined or delineated.
• Identification of processes and assets has not been recognized or maintained.
• There are no dependencies mapped for processes or assets.
• Because each activity is conducted independently or in silos, business goals compete or conflict with security criteria.
• Misalignment or scarcity of resources
• Reactive, monolithic, bureaucratic systems stifle change and make process adaptation difficult.

When Planning Meets Real-World Processes

Assume you have a robust cybersecurity program and are confident in its ability to respond to attacks. It performs effectively on its own. But how does it operate when embedded in the system?

Consider this: incident response success is dependent on inputs from another process (a dependency) that is not within the scope of cybersecurity. There will always be an ‘ingestion source’ where the issue begins. This might include anything from a security operations center to a third party. Assume it’s customer service.

Assume your company provides technical services. You may not have seen any unusual symptoms yet, but your customers are complaining about poor service. Their standard procedure is to contact your customer service team.

What happens if the customer assistance procedure fails? In this situation, it may result in a terrible user experience. Because one critical ingestion source is entirely choked up, the event may not be recognized until much later.

Moving Upstream and Downstream

Problems like these can spread beyond the cybersecurity team. That’s how working in a group works. Mapping upstream and downstream behaviors and procedures can aid in identifying areas that support or hinder the cyber response.

Threat actors may have even discovered your customer support flaws (poor practices). They can purposefully take advantage of these inadequate practices. Customer service, for example, may be used as an entrance point for social engineering to target your consumers and overload your response plans.

What Business Practices Have an Impact on Incident Response?

To begin with, understanding every single vector, process, and reaction that might influence your response will occupy far too many resources. It’s stupid and will not yield a decent return on investment. However, you can plan for the most prevalent ones. Consider it positioning oneself ‘within the 20’ or in a ‘strong scoring position.’ You start from a strong position.

Assume you have a solid governance framework in place, as well as an incident response procedure. What is lacking? Problem areas might include:

• Sources of ingestion are unknown.
• Non-cybersecurity-related business practices or processes
• Oversharing information (for example, too much open-source material) and allowing social engineering assaults
• Under-sharing of knowledge (e.g., poorly understood methods or processes), resulting in blind spots
• Practices that are in contradiction with or bypass security measures
• Processes lack interdependence or are built-in isolation from their business impact.

In essence, you may have a large number of “unknown unknowns” that must be converted into “known knowns.” The bottom conclusion is that you must have a deeper understanding of how your company policies and operations will affect your cybersecurity response. That requires some exploration (understanding your business) as well as some creativity (thinking like a threat actor).

Defining Impact Categories

Once you’ve determined the number of known unknowns, the following step is to do some qualitative and quantitative analysis. To accomplish so, you’ll require impact-related criteria and classification. Some examples of categories include:

• Financial
• Regulatory and Compliance
• Internal Operations
• External Operations
• Reputation
• Health and Safety.

Each company will have a unique set of effect categories. Match them with your company’s activities. Not only will this exercise improve your cybersecurity response, but it will also improve your hazard response.

Remember the customer service issue we used as an illustration? We would know who and what is impacted and what sort of effect would ensue if we accurately mapped processes and assets. We could determine which are the most significant from both a qualitative and quantitative standpoint.

Perhaps the cybersecurity incident response process is influenced by the customer service procedure (an ingestion source and dependency). If clients can’t reach your staff, this might place a strain on internal operations. When a malevolent actor is aware of these issues, the risk increases.

In other words, even if you can’t perceive the links between your cyber and business operations, they still exist. It is extremely similar to the data life cycle continuum that we described previously. And if you don’t take action, the impact of an assault or a mistake may be more than it needs to be.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

If an attacker breaches a transportation agency’s systems, the impacts may extend well beyond server failure or exposed emails. Assume an attack on a transportation authority in charge of train and subway routes. The outcomes might be terrible.

The transportation industry saw a 186% increase in weekly ransomware attacks between June 2020 and June 2021. In one incident, attackers gained access to the systems of the New York Metropolitan Transportation Authority (MTA). Luckily, no one was harmed, but incidents like this are concerning. Transportation organizations require high levels of security to keep their systems and passengers safe.

Important Public Infrastructure

Ransomware was the top attack type globally in 2021, according to the latest X-Force Threat Intelligence Index, for the third year in a row.

According to the research, “malicious insiders emerged as the main threat type against transportation businesses in 2021, accounting for 29% of attacks on this industry.” In 2021, ransomware, [remote access Trojans], data theft, credential harvesting, and server access assaults all had a part in transportation.” We’ll return to the issue of ‘malicious insiders’ later.

Transportation is uniquely vulnerable since it is part of important public infrastructure. Most people and businesses depend on transportation to go to work on time, send goods, or get medical supplies. If an assault interrupts transportation, whole supply networks may collapse. Physical harm might result from an interruption in traffic lights or rail transit.

New Rules for Digital Defense

In response to the growing threat, the Transportation Security Administration (TSA) of the Department of Homeland Security released new cybersecurity rules for surface transportation owners and operators.

The rules should apply to higher-risk freight railroads, passenger rail, and rail transit. They need owners and operators to do the following:

• Appoint a cybersecurity coordinator.
• Within 24 hours, report any events to the Cybersecurity and Infrastructure Security Agency.
• Create and put into action a cybersecurity incident response strategy to minimize the risk of operational disruption.
• Completing a cybersecurity vulnerability assessment will allow them to detect potential gaps or weaknesses in their systems.

Motives Behind Cyber Attacks

Attacks against transportation agencies might be motivated by a variety of factors. Attackers may steal information or use ransomware to make money. However, some attackers may seek support from foreign states wishing to create chaos or damage to promote foreign policy goals. While any incident might create system interruption, foreign attacks can increase the chances of equipment faults and accidents.

Rogue Foreign Actors

The attackers in the New York MTA incident made no money demands. Instead, it appears that the hack was part of a recent wave of broad breaches by experienced attackers. According to FireEye, a private cybersecurity firm that helped in the identification of the hack, the hackers were most likely supported by the Chinese government.

Another attack in late 2018 resulted in the conviction of two Iranian men by a federal grand jury. They were suspected of holding the computer system of the Colorado Department of Transportation (CDOT) hostage as part of the SamSam malware scheme. The Iranian-based attackers allegedly requested a Bitcoin payment to unlock stolen CDOT data. The issue forced the shutdown of 1,700 staff computer systems. It took six weeks and almost $2 million to restore the department’s systems.

Therefore, the CDOT did not pay the ransom. The government had digital backups that allowed them to recover encrypted data. Additionally, segmented network operations helped in the protection against viruses spreading to other departments or organizations. As a result, servers managing traffic signals and other road systems in Colorado were unaffected.

What Should Transport Leaders Do?

Given the extensive and ongoing threat to the transportation industry, the TSA has created a toolset. When we look at the rail, public transportation, and surface transportation directions, we see that cybersecurity coordination, reporting, and response strategies are important. Vulnerability assessment is also a top concern, and the TSA advises organizations to use the NIST Cybersecurity Framework as a guide.

As more devices and equipment are deployed in the industry, vulnerability assessments should incorporate Internet of Things (IoT) security. IoT devices are required to coordinate the various moving elements and logistics of any transportation system. However, device connections are possible entry sites for attackers, and you should consider this risk as well.

Transportation Attack Risk Mitigation

Transportation organizations, like any other company, are vulnerable to hacking, but the stakes may be higher. One of the reasons, according to Homeland Security Secretary Alejandro Mayorkas, “ransomware now poses a national security danger.” While TSA rules address incident response, where can one receive risk reduction advice?

The X-Force Threat Intelligence Index not only analyses the current risk environment but also offers suggestions for minimizing the risk of breach. The X-Force study makes the following recommendations to reduce cyber risk:

• Zero trust: This method assumes that a breach has already happened and seeks to make it more difficult for an intruder to move across a network. Zero trust knows where important data is stored and who has access to it. Strategy is focused methods (multifactor authentication, least privilege, identity access management) are deployed across a network to ensure that only the appropriate individuals have access to the correct data in the right way. This is important in transportation since malicious insiders are responsible for approximately one-third of agency attacks.
• Security Automation: Security automation is crucial in the face of international threats, different attack types, and many levels of security. Machines can execute things far more quickly than any human analyst or team. Automation also helps in the identification of processes for optimizing workflows.
• Extended detection and response (XDR): Detection and response systems that combine multiple solutions provide a significant advantage. XDR helps in detecting hackers from a network before they complete their attacks, such as ransomware distribution or data theft.

Keeping Transportation Safe

Government efforts are helping in creating awareness and reducing the chance of risk. Individual transportation companies have also taken on the responsibility of protecting their systems and ensuring the safety of their passengers. The threat of an assault on transportation organizations will almost definitely remain, and passenger safety is important.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

It’s easy to believe that most, if not all, data breaches are malicious. Attackers must strike on intentions. However, over two-thirds of data breaches are the result of human error rather than malicious intent. According to Ponemon’s Cost of Insider Threats Report, careless workers cause around 62% of security incidents, costing an average of $307,111 per event.

You could also believe that unexpected breaches would be less dangerous. Insider data breaches may cost up to 20% of annual sales, according to a study done by Aberdeen and commissioned by Code42. Regardless of the cause of the attack, the impact may be comparable. However, the best approach to handle a non-malicious breach differs from the best way to handle a malicious breach.

What Is a Non-Malicious Data Breach?

A non-malicious data breach happens when an employee makes a mistake and creates a breach. Non-malicious attacks, as compared to malicious attacks, in which an insider utilizes their access to create damage, are usually the result of an accident or negligence.

For example, if an employee clicks on a phishing email, the network may get attacked with ransomware. Breaches can also occur when an employee accidentally exposes data that is eventually taken. Perhaps an employee accidentally sends an email to the wrong person, as shown by the 2022 Psychology of Human Error Study, which indicated that 58 percent of employees have done it at work.

How Should Businesses Respond?

An insider breach may not be found for days or months after the attack. And how they react might set the tone for future employees to come forward. Employees may be unaware that they committed a mistake or may be afraid to inform management. Every day that a corporation is unaware of the breach causes additional damage.

Companies must develop a culture in which workers feel comfortable acknowledging that they may have participated in a breach. After all, it can help minimize the damage. Employees made mistakes that resulted in breaches due to distraction, stress, and tiredness, according to the 2022 Psychology of Human Error Study. When businesses respond negatively to a non-malicious breach, it can add to the stress. This just increases the likelihood of future problems.

According to the report, 43% of respondents have committed work mistakes that have compromised cybersecurity. However, age contributed to employees acknowledging that their mistakes may have compromised cybersecurity. 50% of employees aged 18 to 30 stated they would accept mistakes, compared to 10% of those over the age of 51. Taking this tendency into account, you might work with older employees to ensure that they feel comfortable approaching management about possible breaches.

When a breach happens, executives should appreciate the employee for warning them of the possible issue. Assure them that everyone makes mistakes. By keeping the employee’s identity hidden, other employees will be more likely to come forward in the future. After all, they won’t be concerned about public humiliation or blame from employees. Following that, the organization should collaborate with the employee to acquire all of the specifics of the breach. This allows them to limit the breach and restore any damage as effectively as possible.

Should Businesses Announce an Accidental Data Breach?

One of the most important aspects of managing a breach is communicating with the media and affected customers. When your organization gets breached, one of the most serious consequences is that customers and potential customers lose faith in your brand. According to the Institute for Public Relations, businesses should apologize as soon as the breach becomes public. Additionally, they advocate for companies to be transparent. If clients learn more details from another source, they will be far more able to recover trust.

Internal Changes to Make After a Non-Malicious Breach

So you’ve prevented the breach and started the recovery process. What will be the next step? First, analyze why the breach happened. Next, consider how to reduce the likelihood of non-malicious breaches in the future. With non-malicious breaches, many companies skip this step. It is much more important in these types of breaches because the issue was caused by a human error rather than an attacker.

Here are two usual improvements made by businesses after non-malicious breaches:

• Training – Analyze your current training to see whether you need to add extra information in a given area. Assume that the breach was caused by spamming. You may need to review your examples and warning signals before clicking on links. You should also consider the frequency with which you train. Instead of once-a-year training, many organizations decide to increase the frequency of cybersecurity training and search for methods to include it in employee interactions.
• Tools – Analyze your current cybersecurity tools to see whether you need to add any more to help prevent the sort of error that caused the breach. By using tools and training, you can usually minimize errors that lead to breaches. Phishing technologies, for example, that analyze links in emails and alert employees to possible vulnerabilities, can help reduce non-malicious breaches.

Employees frequently conceive of a breach in a single category. Non-malicious breaches, on the other hand, are kind of different. Leaders may create a culture in which people feel responsibility for cybersecurity and are comfortable acknowledging mistakes by taking a careful approach to the first reaction and long-term changes.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

One of the most serious threats to internet businesses is the theft of personal or sensitive data. Data leakage, also known as data extrusion, can occur through a variety of attack mechanisms. Physical device theft, insider assaults within a business network, and phishing, malware, or third-party scripts are all examples. Every day, the potential that an attacker would take personal and sensitive data from regular website visitors without their awareness grows.

There are various ways for attackers to steal data from unwitting website users. Basic assaults like phishing utilize carefully prepared emails to get victims to click on bogus links that lead to hostile websites. Scripts on websites may be used to steal users’ passwords, financial information, and even medical data in more complex attacks.

Third-party scripts are commonly used on websites for advertising or analytic purposes. According to a recent study, third-party scripts are increasingly hijacking websites. It might be difficult to spot fraudulent activities as a visitor.

Malicious third-party programs attempt to elevate privileges in five different ways:

• Misuse of the browser login manager and auto-fill
• Exfiltration of social data
• Exfiltration of the Document Object Model (DOM)
• Exfiltration of data in cloud settings
• Exfiltration of data from mobile phone sensors.

Browser Login Manager and Auto-Fill Misuse

Many internet users use browser login managers and auto-fill programs to save their credentials and other personal information. These automatically populate login fields on websites rather than having to enter them manually. Because users do not have to put in credentials, this can boost user security in most circumstances.

Many third-party programs take advantage of this by including hidden login forms on websites. These malicious forms are not recognized by the user. Rather, the browser login manager fills them up with the user credentials saved in the browser and delivers them to the third party. This attack also works with email addresses or phone numbers, which are frequently stored in the browser’s auto-fill feature. It even works with credit cards and social security numbers on occasion.

Exfiltration of Social Data

Many website owners provide federated authentication using social media login providers to make it easier for users. Users may utilize a streamlined login to their social network profiles instead of remembering passwords, which is an advantage. When a user allows a social login integration for a ‘first-party’ website with integrated third-party scripts, they are putting themselves at risk. The attackers can then gain access to the social media provider’s application programming interface and query it (API). This allows them to steal user information from that social media profile invisibly. This can include email addresses and personal addresses, as well as user account information or account IDs.

DOM Exfiltration

The website DOM is a tree structure that specifies how a website’s contents are organized. The DOM may be used to organize dynamic content that is particular to a user session. Depending on the website, the top level of the DOM tree might include sensitive or personal information such as name, address, and other data. More sensitive information, such as credit card numbers or account numbers, might be found on a banking website. If an attacker uses a third-party script at the top level, it may typically traverse the whole DOM tree and steal all of the sensitive information. Attackers can even manipulate events on a website using scripts to track what the user is doing. The scripts may also include hidden event listeners, allowing attackers to track a user’s mouse movements.

These privacy infractions are a well-known issue, and cybersecurity research is gaining a better understanding of the attackers’ tactics in order to develop effective preventative solutions. Users, on the other hand, have few alternatives besides ad blockers. Users should also keep as little personal information as possible online or deactivate script code in their browser settings. However, they aren’t perfect options. Instead, website owners should ensure that their material is free of errors. This is much more crucial when using cloud-based online apps.

Data Exfiltration in the Cloud

The cloud is gaining in popularity and offers several benefits over previous infrastructures. When it comes to websites and online apps, setting up the code in the cloud and making it public from there might be easier. Recent research has revealed that misconfiguration is one of the most serious dangers to cloud infrastructures. This can result in insecure APIs that allow malicious programs to access restricted regions. It gives attackers access to credential storage, allowing them to get used or even admin credentials for cloud environments.

Data Exfiltration and Mobile Phone Sensors

Third-party scripts can get access to mobile sensors (e.g., GPS, gyroscope, and motion sensors) and exfiltrate sensor data, according to much recent research. There are important attack vectors for abusing mobile sensors for hidden data exfiltration, particularly on Android. Victims do not need to download a malicious mobile app because these assaults target the Android ad network. Ads integrated into apps allow the malicious script to access device sensors.

These flaws may also be found in hybrid applications and mobile browsers that use Android’s WebView to render webpages or website content in an app or mobile browser. WebView should usually be sandboxed in programs so that no background code may execute. Even after the app or browser window is closed, mobile advertisements can continue run scripts in the background to exfiltrate mobile sensor data.

Third-party scripts on websites, applications, and in the cloud can pose a serious security risk. As our society becomes increasingly linked as a result of the digital revolution, it is critical to properly safeguard information and ensure that the security of sensitive user data is constantly top of mind.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

On March 17, the FBI, the CIA, and the U.S. AvosLocker, a Ransomware-as-a-Service (RaaS) affiliate-based group, was the subject of a joint cybersecurity alert from the Treasury Financial Crimes Enforcement Network and the Department of the Treasury. AvosLocker has targeted victims in a variety of vital infrastructure industries, including financial, key industrial, and government institutions, according to the alert.

AvosLocker practices what some refer to as “double extortion.” The first step in these assaults is to encrypt files and demand a fee to decrypt them. The attackers then threaten to post the victim’s personal information on the darknet.

Many samples of stolen victim data have been released on the AvosLocker breach site. Data was obtained from targets in the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China, and Taiwan, according to the organization. If the ransom is not paid, AvosLocker threatens to sell the data to unknown third parties.

How Does AvosLocker Ransomware Work?

The ransomware AvosLocker begins by encrypting data on the victim’s server. After that, the files are renamed with the.avos extension. The threat actors then email the victim’s ransom notes that include a link to an AvosLocker.onion payment site. Monero payments are preferred, however, Bitcoin is accepted for a 10% to 25% premium.

AvosLocker perpetrators may also telephone victims to lead them to the ransom payment site, according to the FBI. According to certain victims, AvosLocker threat actors are prepared to negotiate lower ransom payments.

Vulnerabilities Connected With AvosLocker

On-premise Microsoft Exchange Server vulnerabilities have been identified as a possible infiltration route in many publications. Proxy Shell vulnerabilities related to CVE-2021-31207, CVE-2021-34523, CVE-2021-34473, and CVE-2021-26855 are only a few examples. The precision of the intrusion vector is likely related to the expertise of the AvosLocker associate who launched the assault.

Mitigating AvosLocker Threats

The joint advice recommends a number of mitigating strategies to combat AvosLocker assaults. They include:

• Multiple copies of sensitive or proprietary data and servers should be stored in physically distinct, segregated, and secure places (hard drive, storage device, the cloud)
• Maintain offline, password-protected data backups and network segmentation. In the event of an assault, this assures little interruption.
• Keep important data copies distinct from the system where the data is stored.
• On all hosts, install and update antivirus software, and activate real-time detection.
• Install operating system, software, and firmware upgrades as soon as they become available, and remain informed about new updates and patches.
• Look for new or unfamiliar user accounts on domain controllers, servers, workstations, and active directories.
• User accounts should be audited and configured with the least amount of privilege possible. Only provide admin access to those who require it, and only for as long as they require it.
• Unused ports are disabled.
• Consider including an email banner in communications from people outside your company.
• All hyperlinks in received emails should be disabled.
• If possible, use multi-factor authentication.
• Use strong passwords, update them frequently, and don’t reuse passwords for network accounts and services.
• To install software, you’ll need admin access.
• Avoid utilizing public Wi-Fi networks and always utilize secure networks. Install and use a virtual private network (VPN).
• Emphasize ransomware and phishing scam knowledge and training.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com