Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2020

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware – suggesting that it might be written by a new group of cybercriminals.

The MITRE ATT&CK Framework: Credential Access

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather throw a brick through a window or use a key to the front door? What is the MITRE ATT&CK™ Framework? - YouTube An error occurred. Try watching this video on www.youtube.com, or enable JavaScript if it is disabled in your browser.

Cloud Under Pressure: Keeping AWS Projects Secure

Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses. AWS Project owners need to take extra precautions by following some platform-specific advice. Amazon is constantly working on adding new features and implementing new changes in its current offering, as well.

What is the Cyber Essentials Certification and How Can it Help Your Business?

According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting businesses in the UK could have been prevented by the implementation of some basic security controls. To help organizations adopt good practices in information security, the UK government released a government-endorsed certification scheme called Cyber Essentials in 2014.

COVID-19 Scam Roundup - April 27, 2020

The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed attack emails by the middle of April. How can we then be surprised by ZDNet’s reporting that the number of digital crime reports received by the FBI had quadrupled in number, with many of these disclosed attacks featuring COVID-19 as a theme?

OSINT - Using Threat Intelligence to Secure Your Organisation

In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst series, we’ll cover the unique benefits a CTI analyst brings to an organization by enhancing.

Expert Thoughts on How Infosec Pros Can Make the Most of Working From Home

We find ourselves in strange times. In response to the ongoing coronavirus epidemic, organizations have swiftly closed their offices and mandated that all employees begin working from home. This development has created security challenges with which many organizations are still grappling.

COVID-19 Scam Roundup - April 20, 2020

Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had received 20,334 consumer reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Those attacks that proved successful had caused their victims more than $15 million in damages at the time of writing. Unfortunately, both of those figures are likely to grow as time goes on.

Building Effective Cybersecurity Budgets

Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with industry best practice and recognized security frameworks adds a small amount of clarity to this challenge.

5G Technology: How to Make Sure the Benefits Outweigh the Security Risks

It’s hard not to say that 5G technology brings a lot of benefits. 5G entails faster download speeds, and yes, if you have a 5G-enabled handset, you could hear and appreciate the speed increases for videos, gaming, etc. However, 5G provides added benefits that go way above those for the everyday user. Let’s take a look at the high speed and low latency of 5G. There are a lot of areas or industries that require pinpoint accuracy and precision.

The MITRE ATT&CK Framework: Privilege Escalation

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the defensive side of the fence, the magic of escalating privileges rested in Exploiting for Privilege Escalation or stealing an administrator’s credentials.

Visibility, Vulnerabilities and VPNs - Extending Your Corporate Security Policies and Procedures to Cover Remote Workers

We’ve heard a lot about the drastic measures that organizations in North America and Western Europe are taking to protect their employees against the coronavirus. But as we all know, COVID-19 is a global pandemic. Organizations all over the world now find themselves in a position where they need to take action on their policies and procedures. Take the Middle East, for instance.

COVID-19 Scam Roundup - April 14, 2020

On March 27, 2020, President Trump signed an unprecedented $2 trillion stimulus package into law. The legislation received support from both chambers of the U.S. Congress for its goal to minimize the economic effects of the global coronavirus 2019 (COVID-19) pandemic, reported CNN. A key component of that package was the direction to provide economic relief to Americans in the form of stimulus checks of varying amounts depending upon their income.

Realizing Hybrid Asset Discovery with Tripwire Industrial Appliance

Digital attacks continue to weigh on the minds of industrial cybersecurity (ICS) professionals. In a 2019 survey, 88% of ICS experts told Tripwire they were worried about what a digital attack could mean for their industrial organization. The rate was even higher for those working in the manufacturing and oil & gas sectors at 89% and 97%, respectively. Such widely held concern suggests a need for industrial organizations to make greater investments in their digital security posture.

Cybersecurity in Education (K-12) with the CIS Controls

Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily available documentation from Microsoft or Google.

The MITRE ATT&CK Framework: Persistence

When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more from digging into the various techniques here than any other tactic. While I knew about fun tricks like replacing sethc.exe with cmd.exe and hitting the shift key a bunch of times from a lock screen, there were many other techniques that were brand new to me.

Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness

New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer interest and increase retention of existing clients, there is a very real risk of exposing new threat vectors to the business if even the most minor of misconfigurations occurs.

What Security Leaders Should Consider When Building a Business Case for Integrity Monitoring

We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS controls as they provide a critical baseline for maintaining our security framework and keeping up our integrity monitoring processes.

Finally Some Good News: NERC Proposes Deferment of 3 CIP standards

Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3 PRC standards) for three months due to the national emergency declared on March 13th by President Trump. As the original implementation date was July 1, 2020, this means that should FERC approve the motion, the new implementation date would be October 1, 2020.

The Cyber Threat Intelligence Analyst - Speaking Your Languge

One item that comes up a lot in conversations is how security teams or IT teams struggle to speak the “business language” to business leaders, mainly to members of the senior leadership that make the final decisions on spending and investments. This problem could have its roots in IT, and later security, teams historically having their management lines within the accounting department, ultimately being accountable to the Chief Financial Officer.

COVID-19 Scam Roundup - April 6, 2020

Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks detected a month earlier. By comparison, the security firm spotted just 137 coronavirus-themed email campaigns in January.

Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools

Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness. Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a teenager, but I was instantly hooked once I started. Why? Because the clock didn’t lie. The tape measure didn’t lie. The fastest time always won, and the longest throw always won. I like to think of ICS security tools in a similar way.

Zoom promises to improve its security and privacy as usage (and concern) soars

What’s happened? Well, Coronavirus 2019 (COVID-19) happened. Okay, smart alec. I know about that. What else is going on? Well, because so many people are (wisely) staying at home, they’re using videoconferencing and chat technology like Zoom to keep in touch with friends, family and colleagues. In fact, Zoom says that daily usage has soared from approximately 10 million daily meeting participants in December 2019 to over 200 million today. Zoom must be pleased. I’m sure they are.

We're All Remote Here: Videoconferencing Securely

The current pandemic has certainly shown the utility of electronic collaboration tools such as videoconferencing platforms. Once an expensive perk of solely enterprise companies, the video call is now used not only for executives remotely attending board meetings but also for the following... At the moment, it’s important for public health that everyone stays distant from one another.