Kane Lightowler – TECHSEEN (https://techseen.com): Technology news, views and analysis from around the world

What is a Non-Malware (or fileless) attack?
https://techseen.com/2017/03/09/non-malware-fileless-attack/
Thu, 09 Mar 2017 10:29:07 +0000

Virtually every organization was targeted by a non-malware attack in 2016, and this year will be no different. The global emergence and continued growth of non-malware attacks will be a major security pain point in 2017, testament to the increasingly sophisticated attack methodologies employed by hackers today.

Non-malware attacks, also known as fileless attacks, are so dangerous because they work. These attacks leverage trusted, native operating system tools such as PowerShell, or exploit running applications such as web browsers and Office applications, to conduct their malicious behavior. The nature of these attacks allows hackers to gain control of computers without downloading any malicious files, which means that they can bypass detection by traditional antivirus (AV) software, which was designed to stop malicious files only.

Research by Carbon Black found that 98% of security researchers encounter at least one non-malware attack a month but only one-third are confident that traditional AV can protect their organizations from this form of attack.

By employing this stealthy technique to penetrate systems and steal data, cyber criminals can stay virtually undetected while they extract valuable information from organizations over prolonged periods of time, causing more damage than ever before.

According to the 2016 Ponemon Cost of a Data Breach Study, the average cost of a successful breach is $4 million – a catastrophic sum that will put a significant strain on resources for any organization.

Moving beyond legacy AV

An alarming number of organizations today are still relying on traditional AV as their only form of protection. This is no doubt correlated with the increased number of successful and profitable breaches in recent years. Small and medium enterprises (SMEs), too, are not spared from these assaults. In fact, we are seeing a trend wherein attackers exploit the weaker defense capabilities of SMEs as an entry point to the multi-national corporations (MNCs) they work with.

Here’s the bottom line: organizations will be attacked. And when it happens, they should be confident that their cybersecurity capabilities can prevent the attacks, detect them and, if necessary, respond before attackers can do any real damage. To do this, there needs to be a paradigm shift in organizations’ approach to security investments and for IT teams to do a much-needed reality check on their current defense capabilities.

Just as cyber criminals are constantly evolving their methods of attack to bypass standard proprietary capabilities, organizations need to enhance their defenses to match the current threat landscape. This means moving away from legacy AV and adopting a new line of defense that has been specifically developed to address sophisticated threats.

A new paradigm in cybersecurity

The new model of prevention, known as next-generation antivirus (NGAV), is a radically different approach to cybersecurity. Traditional defenses like legacy AV and machine-learning AV are designed to only identify threats at a single point in time (i.e. when a malicious file is downloaded), making them completely blind to non-malware attacks. NGAV closes this gap by taking on a more proactive stance to cyber defense. It monitors the activity of applications and services, including communications between processes, inbound and outbound network traffic, unauthorized requests to run applications, and changes to credentials or permission levels. By analyzing these relationships and clustering events, NGAV can identify abnormal behavior, which can be tagged, flagged and automatically shut down before the attackers can achieve their goals.

In today’s rapidly digitized world, security adoption should be a critical driver for modern businesses. With so much valuable data and intellectual property stored within organizations, the stakes are too high for cybersecurity to be an afterthought. Strategic cybersecurity planning should permeate every level of an organization and educating employees on cyber risks is critical to establishing and maintaining good security hygiene.

Adding business value with cyber insurance
https://techseen.com/2017/01/12/cyber-insurance-carbon-black/
Thu, 12 Jan 2017 12:26:10 +0000

With more countries embarking on Smart Nation projects, the number of connected devices and volume of data will only increase. This means that cybercriminals now have an almost infinite number of (often poorly protected) channels to launch their attacks. Underscoring the severity of the issue, the Monetary Authority of Singapore (MAS) has urged companies to boost their cybersecurity initiatives, as well as adopt cyber insurance. As such, the market for cyber insurance is expected to reach $7.5 billion in premiums by 2020, with apparent demand by the finance industry, along with a forecast of new investments from the healthcare industry.

While it is good news that companies are taking increased measures by moving toward cyber insurance to underwrite potential losses generated from cyberattacks, such as lawsuits, investigations, and business ramifications from exposed trade secrets, it is important to note that while cyber insurance can help to manage losses, it needs to go hand-in-hand with a robust cybersecurity infrastructure in order to add real value to your business.

Insuring the intangible

Cyber insurance can be likened to fire insurance; most businesses insure and deploy significant detection, prevention and response measures such as fire suppression systems, fire resistant materials and fire drills, resulting in maximum risk coverage. In the same vein, companies should prioritize the deployment of a strong cybersecurity infrastructure consisting of robust detection, prevention and incident response measures, which results in an overall effective and efficient risk management plan that lowers your insurance premium too.

The industry is already making great progress to support the distribution of cyber insurance. For example, credit rating services such as FICO Enterprise Security Score allow cyber insurance providers to assess cyber infrastructure and measure risk exposure, as well as forecast the likelihood of cybersecurity incidents in order to tailor policies and premiums for companies with different needs.

The next step is for the government to support the cyber insurance ecosystem through the enforcement of mandatory and regulatory laws on cyber security. Such legislation can benefit the industry as a whole as it ensures a minimum standard for any given company’s cyber infrastructure, which enables cyber insurance companies to lower their premiums.

Process, People and Technology

As cyber insurance can be a reasonably large investment for organisations, it is essential for companies to enforce strong cyber security fundamentals and best practices to maximize their dollars. For example, the financial industry is governed by mandatory laws that require banks to retain sensitive customer and transaction information, resulting in higher premiums. However, for businesses that do not revolve around transactions, holding customers’ payment information is counterproductive. Instead, these companies should consider outsourcing payment methods to third-party providers, which will take a large amount of risk away.

A strong cybersecurity infrastructure mandates the deployment of more than just anti-virus software and firewalls. Cybercriminals have long advanced their methods of attack beyond these traditional lines of defence and companies need to up the ante when it comes to their cybersecurity technology too. Today, both public and private sectors should look to the next generation of anti-virus (NGAV) and end-point security (NGES), which gives them full visibility from the perimeters to drive their detection and response strategies.

Finally, just like how companies conduct regular fire drills to ensure that employees know how to respond appropriately to a fire incident to minimize damage, the same theory can be applied to a cybersecurity incident response plan. Employees at the IT frontline should be trained to minimize and contain the initial signs of a cyber intrusion, preventing it from escalating to a major breach.

Only with these preventive and risk minimization measures in place can cyber insurance truly bring value to your overall cybersecurity management plan.

Cybersecurity: 5 tips to build your data breach shield
https://techseen.com/2016/09/05/tips-shield-cybersecurity/
Mon, 05 Sep 2016 12:40:24 +0000

The year 2016 has proved itself to be a prolific year for cybercrimes. Cyber criminals are leaving no stone unturned as we witness a number of high profile attacks on various sectors – healthcare, finance, media – just to name a few. The reality is, in fact, much bleaker, as millions of undetected and unreported cyber-attacks are happening on a daily basis. Yet organizations, and even governments, are turning a blind eye to these threats and are still relying on traditional methods of cybersecurity that were not designed to tackle the sophisticated threats present today.

The Australian Strategic Policy Institute reported that although cybercrime in the Asia Pacific region accounts for a significant proportion of global cybercrime, many developing economies still rely on rudimentary cyber capabilities and the support of foreign aid programs. This may be surprising but, even more so, it is terrifying as we ponder these vulnerabilities and their potential consequences. According to the AT&T Cybersecurity Insights report in 2015, 64% of organizations acknowledged that they have been breached, and yet, only 34% of organizations believe they have an effective incident response plan.

Sure, there is no one size fits all when it comes to cybersecurity. However, there are some well tested guidelines and best practices that will keep any organization on the right track towards a comprehensive and robust cybersecurity infrastructure that is better primed to confront today’s threat landscape.

1. Minimize customer data

Rule of thumb – if you don’t need the data, don’t collect it. As we interact with more Internet of Things (IoT) devices, the amount of data collected and stored increases exponentially. However, organizations should be selective of the type of data they collect from customers, so as to minimize damage should a breach occur.

2. Develop a strategy

Cybersecurity takes more than just anti-virus (AV) software. To tackle the sophisticated threats present today, a multi-layered security infrastructure is essential in order to confront the adversaries from every angle.

Part of your strategy should include cost management – investing in the right mix of cybersecurity solutions for your organization. Currently, organizations are still investing heavily in traditional AV and network security. However, incumbent AV providers regularly miss critical malware threats, as reported by Gartner in its 2016 Magic Quadrant for Endpoint Protection Platforms[3]. To close this critical security gap, organizations can look to next-generation anti-virus (NGAV) – an integral component of modern enterprise defense platforms. NGAV is characterized by its ease of deployment and, more importantly, its ability to stop not only run-of-the-mill malware but also malware-less attacks – attacks that are file, memory or script-based, and leverage scripting languages and/or obfuscated malware. In 2015, 38% of incidents seen by Carbon Black partners were of such nature. Clearly, these are the real threats that organizations need to address today.

Moreover, with many companies adopting a bring your own device (BYOD) policy as well as increasing mobility in workplaces, network security (aka Firewalls) is no longer sufficient; once a device leaves the network perimeter, it is still vulnerable to attacks.

This is why today’s cybersecurity war is waged at the endpoint and by investing in Next Generation Endpoint Security (NGES) solutions, your devices are protected regardless of where you bring them.

3. Maintain real-time inventory and actionable intelligence

Millions of attacks happen every single minute. This is why real-time surveillance is now critical for identifying and stopping attacks before they accomplish any real damage.

According to the Ponemon Institute, organizations take an average of 256 days to identify a breach and 100-120 days to respond and mitigate, altogether costing the companies an average of US$3.8 million per breach. This can be easily addressed with a solution that can continuously scan, monitor and collect data from an organization’s endpoints, reducing detection and response time significantly.

By collecting detailed and actionable information on these security threats at a granular level, organizations can also attain a deeper level of insights on why and how a breach occurred, with the end goal of making it exponentially more difficult and expensive for attackers to do their work.

4. Conduct regular audits

Once a robust security infrastructure is in place, regular audits of security measures, especially connections commonly used as gateways for attacks, should be carried out in order to assess and re-evaluate if an update is needed.

Cybercriminals are constantly innovating and advancing their tactics of attack. It would be foolhardy to assume that the technology of yesteryear is still effective against today’s threats.

5. Educate employees

When it comes to cybersecurity, the human is often the weakest link. Ensuring that all employees are clear on their role in data security and raising awareness on the types of threats goes a long way in closing any possible gaps in your cybersecurity infrastructure.

Decoding the ransomware epidemic
https://techseen.com/2016/06/22/decoding-ransomware-epidemic/
Wed, 22 Jun 2016 09:32:25 +0000

The FBI recently issued an advisory on the rise of ransomware, warning governments, law enforcement agencies, hospitals and businesses alike to beware of this increasingly sophisticated form of cyber attack, in which cyber criminals encrypt an organization’s or an individual’s files and demand a ransom payment in exchange for a decryption key.

Just this year, we saw two high-profile ransomware attacks on Hollywood Presbyterian Hospital in Los Angeles and MedStar Health in Washington, DC, severely crippling their operations and endangering the lives of the patients as communications within the hospital were completely shut down. Hollywood Presbyterian reportedly paid a sum of US$17,000 in bitcoins to regain access to their system.

The United States healthcare sector is not the only one in jeopardy. According to the Asia-Pacific Defence Outlook 2016, South Korea, Australia, New Zealand, Japan and Singapore, dubbed the “Cyber Five”, are nine times more vulnerable to cyber attacks than the rest of their Asian counterparts. This is attributed to the high dependence of these nations on internet-based interactions. As governments in the region look to further harness the Internet of Things (IoT) as a key economic driver, the number of endpoints will increase exponentially, presenting cyber criminals more attack vectors to exploit.

Despite the rise of ransomware, an alarming majority of businesses are still relying on traditional anti-virus as their only form of safeguard against today’s increasingly advanced threats. This gives cyber criminals an easy entry to exploit and turn into a lucrative business model that is growing stronger than ever.

Ransomware as a Business

Ransomware is by no means a new phenomenon. However, it has evolved through time to adapt to and circumvent new defenses. In just five months this year, we have seen at least seven new variants of ransomware, including PowerWare, which utilizes PowerShell, the scripting language built into Microsoft operating systems. The use of PowerShell avoids writing files to the disk and allows the malware to blend in with legitimate activity on the computer, thus averting detection by anti-virus software.

Another rampant trend is Ransomware-as-a-Service (RaaS) – a business model where cyber criminals pay a fee for the distribution of malware or promise a percentage of the ransom paid by an infected user.

While this may be a hard pill to swallow, ransomware has become a very profitable business model and as more user-friendly variants are developed, even those with little cyber know-how can easily deploy various forms of ransomware to exploit companies and individuals.

The Ransomware Remedy

The adage “prevention is better than cure” is equally applicable to an organization’s health. While there are decryption tools available for infected systems, cyber criminals have time and again proved to be able to advance their means of attack, overriding existing remedies.

Next Generation Endpoint Security (NGES) is a modern approach towards cyber security that has been specially developed to wrestle with the increasingly sophisticated threat landscape. It adopts a proactive stance by continuously scanning, monitoring and collecting data from an organization’s endpoints. By recording an adversary’s every move, security teams can immediately isolate and stop the spread of an attack.

Anti-virus and other more traditional security tactics are simply not enough, and until businesses ramp up their defenses to meet the level of sophistication now found in cyber attacks, they will always be at risk of being the next victim of the ransomware epidemic.
