WannaCry is still fresh in our memory, reminding organizations of how distractive an unpatched vulnerability can be especially if weaponized as a wormable threat that delivers ransomware. BlueKeep has been estimated to have the same disruptive potential as EternalBlue (the exploit responsible for WannaCry) if sporting worm-like behavior, especially since RDP is a commonly used service in organizations, allowing IT and security teams to remotely dial into machines.
Could critical infrastructure attacks be making a comeback? Or did these invisible threats never leave in the first place? Extensive research reveals that as many as four threat actors many have been involved in creating Stuxnet, the sophisticated computer worm that demolished Iran’s nuclear infrastructure in 2007. In light of recent discoveries about similarities in malware samples, cyberespionage appears to be a growing threat that can hide for years before its discovered.
As bad actors continue to hone their skills and governments keep raising the penalty for getting breached, large organizations across the globe seem to be doing little to mitigate the risks associated with cybercrime – despite knowing better for years.
Doctors can’t prescribe proper treatment for patients without identifying and analyzing symptoms to make a clinical diagnosis. It’s the same for CISOs, who are responsible for their organization’s digital health.
While modern technology makes possible new business models to drive growth and profitability, digital transformation opens your business to more cybersecurity risks, according to a survey by Thales and 451 Research.
As of 2017, a single cyber incident can put a small company out of business, according to new research by Ponemon Institute. The findings confirm Bitdefender’s predictions for 2017 that targeted attacks would increase due to poor security of corporate networks.
It’s been 38 years since the invention of email and today, it is still the number one communication tool in and out of enterprises. While technology, hardware, infrastructure and the internet itself evolved tremendously in the past almost 4 decades, email is the spoiled child of the family that declines to grow up.
Several weeks ago we started a series dedicated to considering APTs (Advanced Persistent Threats) and possible ways to mitigate them. In the first post we strived to define and “contain” the APT as category of threats as the term is abused, and today most all the sophisticated attacks are presented as APTs – the supreme evil.
Working from the definition, we now remain with two aspects:
#1: Advanced – as APTs are sophisticated, out of the range even for organized crime networks – “we are sorry, no botnets or banking trojans allowed”.
#2: Persistent – as we have seen and described, we are talking about organized attackers with myriad resources - the most important being time and patience, until they can reach their objective. A modern characteristic is that they prefer, with few exceptions, the “low and slow” approach; doing “the job” as silently as possible.
The thesis we don’t agree with is that APTs can pass over any antimalware technology. As a matter of fact, the majority of their components have been spotted-out as suspicious files prior to being investigated and detection being added.
This is the second post from a series we thought necessary to dedicate to APTs (Advanced Persistent Threats) and the new wave of security technologies claiming that they replace or complement antimalware solutions to help organizations defeat this new threat.
We see, day after day, real and so-called security experts announcing the newest security apocalypse we face. Claiming that antivirus is a dead technology, they invite you to uninstall it and buy new next-generation technologies that will automatically collect, analyze and detect malicious intentions of attacks or data compromise from the moment they are born in the minds of the bad guys.
Sometimes they come from people more or less familiar with the topic - Is Anti-Virus Scanning/Detection Obsolete? - and you can see that most of the opinions there are not so negative, apart from the classic advertising for some AV brands. Other times they come from specialists in the field, trying to give an opinion or just sell their “stuff”.
In my last blog post I began a conversation about virtual patching. In this post, I’ll further the discussion by talking about why effective virtual patching at the network is so difficult.
The story really begins by considering context, or really, the lack thereof. If a vulnerability exists in an application (a web application, or a browser) there is a certain context associated with the application that is difficult to be aware of at a point outside of the application. The simplest example is a session. A web application may create a session when a user logs-in, destroying the session after a period of inactivity, or when a user logs-out (and when was the last time you logged-out instead of just closing the browser window?).
