Wombat Security Reveals Top Security Predictions for 2018

Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, reveals their 2018 security predictions. As 2017 comes to a close, a look back on some of the biggest cybersecurity breaches of the year — including WannaCry, NotPetya, KRACK, and the Equifax breach — shows no organization is immune to security risks. Looking ahead, the Wombat team concludes there is no sign of slowing down for these attacks, and phishing is predicted to continue serving as a key access point. This supports Wombat’s long-standing belief that end-user security awareness and training initiatives are vital to an organization’s last line of defense against devastating attacks.

Below are the top 2018 predictions from the Wombat Security team:

  • 2018 will undoubtedly see a big increase in cyber-attacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry. Therefore, end-user training on how to recognize these risks is a considerable factor in the fight against cybercrime.
  • The GDPR and NIS Directive will bring shockwaves as cases of non-compliance are revealed, with organizations facing significant fines and public scrutiny. Some companies — including those based in the US but with European customers or suppliers — will fail their mission to comply with the GDPR, and the results will be very public and very expensive. In 2018, global enterprises will need to revise their cyber missions to dedicate themselves to improved cyber defense. As it has always been, quality, targeted end-user awareness training will be pivotal.
  • Phishing will remain by far the most dangerous method for a cyber-attack. In our 2017 State of the Phish™Report61 percent of infosec professionals reported experiencing spear phishing attacks. The ideal strategy against these threats, because technology often doesn’t catch spear phishing attacks, is a proactive, comprehensive training program that helps users defend against this increasingly pervasive threat. Smishing will become a more successful and prominent vector for cyber-attacks, but the very prevalent and dangerous email phish – which comes in many forms – will persist as the most common vector for cyber-attacks. We will see more ransomware attacks, more identity theft, and more large (and even multi-national) data breaches that will begin with a simple phish. Though it wouldn’t be surprising to see the overall volume of phishing emails decrease, the increasingly sophisticated nature of these attacks will result in higher failure rates with uneducated users.
  • The IoT will further complicate — and compromise — cybersecurity. All verticals and companies that rely on internet connectivity to conduct business will see their cyber risk grow in 2018. Financial services, retail, and healthcare verticals will be primary targets, because of the significant monetary gains and because previous attacks against these verticals have been so successful. Also, the greater reliance on the Internet of Things (IoT) will present new vectors for attacks. Managing vulnerabilities with IoT devices in the mix will prove more difficult than managing vulnerabilities inside a typical enterprise data center operation.
  • Attackers will seek opportunities to not just steal data, but to undermine data integrity. In 2018, we may see the very first attack that attempts to disrupt the integrity of patient care laboratory results or alter financial statements for a financial services company. We think about the impact of identity theft as a primary purpose, because identities have financial significance. But we rarely think as well about the potential for attacks directly against data integrity. A complete breach of confidence may result, and then we will all need to rethink how and why we connect to the internet and compute.
  • The use of Facebook and other internet-based vectors to promote particular agendas will continue to increase in 2018. The use of social media to advance a particular (even nefarious) agenda has been so wildly successful that we can readily expect its continued use and expansion for other causes and from other national sources in 2018. This activity is still in its infancy, and we have yet to see the full impact of cyber propaganda upon our politics, governments, and cultures worldwide.

Silicom Expands Penetration of Cyber Security Leader: Customer Shifts to Use of Silicom’s Encryption Solutions

Silicom Ltd. (NASDAQ: SILC) today announced that one of its existing customers, a world-leading Cyber Security player, has selected Silicom’s encryption solution over the competitor’s solution that it is currently using, and plans to deploy it in a number of its new platforms.

To date, the customer has confirmed that it has designed in a Silicom encryption card into two of its new platforms and that it plans to deploy it in additional platforms over the year ahead. Once all of these platforms are launched and complete sales ramp up, Silicom expects related volumes to reach approximately $2 million per year.

Commenting on the news, Shaike Orbach, Silicom’s President & CEO, said, “This important win over an entrenched competitor demonstrates that our encryption solutions are becoming the mainstream standard for Cyber Security, one of our primary target markets. We are delighted to continue deepening our relationship with this industry leader, achieving a privileged position that brings us new opportunities and gives us unique insight into industry needs. As such, we believe we are ideally positioned to ride the Cyber Security’s expansion as one of our major future growth drivers.”

RiskSense Webinar to Expose 10 Year Weaponization Pattern of Apache Struts Vulnerabilities

 RiskSense®, Inc., the pioneer and market leader in cyber risk management, today announced that it will present a webinar on Dec. 14 that uses research findings on Apache Struts vulnerabilities over a 10 year period to illustrate the shortcomings in traditional approaches to vulnerability detection and assessment. The presenters will also outline best practices for identifying and remediating the most hhigh-riskthreats to prevent attacks.

WHO: 

Anand Paturi, Vice President of Research and Development

Barry Cogan, Senior Security Analyst

WHAT

The recent Apache Struts vulnerability was responsible for several high profile data breaches. In this webinar, two leading RiskSense researchers will present findings based on the analysis of Apache Struts-related vulnerability weaponization patterns over the past decade, including the fact that scanners are still unable to detect nearly 15 documented Common Vulnerabilities and Exposures (CVEs).

The webinar will include a live demonstration of Apache Struts exploits, and present best practices for using intelligence about attack patterns to identify and prioritize the highest risk threats so they can be remediated first to prevent attacks and security breaches.

WHEN:  

Thursday, Dec. 14, 2017 at 2:30 PM EST

WHERE:   

Webinar, delivered to your digital device.

HOW: 

To schedule a conversation with RiskSense, contact Marc Gendron at marc@mgpr.net or +1 781.237.0341.  For more information, visit: https://www.brighttalk.com/webcast/15653/292863?utm_source=RiskSense&utm_medium=brighttalk&utm_campaign=292863

Resources

RiskSense Platform Overview: http://bit.ly/2yIJ1YE
White Paper on Operationalizing Cyber Risk: http://bit.ly/2gaurSX
Webinar on Cyber Risk Management: What’s Holding Us Back? http://bit.ly/2xTE2ba

WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume

 WatchGuard® Technologies, a leader in advanced network security solutions, today announced the findings of its quarterly Internet Security Report, which explores the latest computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises. The research revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasizing the importance of layered security and advanced threat prevention solutions.

“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof. Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”

The ever-growing mob of constantly evolving security threats can seem overwhelming to the average small business with limited staff and resources. WatchGuard’s Internet Security Report examines the modern threat landscape and delivers key data, educational guidance and in-depth research to help readers understand the latest attack trends and update their defenses. Major findings from the Q3 2017 report include:

  • Scripting threats account for 68 percent of all malware. WatchGuard’s Gateway AntiVirus (GAV) solution uses signatures that block various types of JavaScript and Visual Basic Script threats, such as downloaders. The sum total of these script-based attacks accounted for the vast majority of the malware detected in Q3.
  • Malware quantities have skyrocketed; a trend that will likely continue. Total malware instances spiked by 81 percent this quarter over last. With more than 19 million variants blocked in Q3 and the holiday season approaching, malware attempts will likely increase dramatically in Q4 as well.
  • Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.
  • Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement with only 23.77 percent of new or zero day malware able to circumvent AV. While this data is encouraging, behavioral detection solutions are still the most effective way to block advance persistent threats.
  • Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious, and often malicious sites. While potentially malicious iframes showed up everywhere, including the U.S. and Canada, their numbers jumped significantly in both the UK and Germany.
  • Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials (like Mimikatz) returned in a big way this quarter. Aside from Mimikatz, brute force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.

WatchGuard’s Internet Security Report is based on anonymized Firebox Feed data from nearly 30,000 active WatchGuard UTM appliances worldwide, which blocked more than 19 million malware variants and 1.6 million network attacks in Q3. The complete report includes defensive strategies for responding to the latest attack trends, based on analyses of the quarter’s top malware and network threats. The report also examines the growing trend of supply chain attacks by evaluating the most notable instances from Q3 – NetSarang, Ccleaner and fake Python packages.

WatchGuard Threat Lab’s latest research project – a detailed analysis on Q3 phishing trends – is highlighted in the report as well. This project features email spam and malware data captured by the team’s “Artemis” honeynet, which is now publicly available on GitHub for download and use.

For more information, download the full report here.

Drive Trust Alliance Announces Free Fix for Lurking Ransomware Threats

There are many millions of computer hard drives, from every hard drive maker, that are especially open to devastating ransomware attacks.  These drives are known as a TCG Self-Encrypting Drives (SEDs).  If they are not properly initialized, there can be trouble with ransomware attacks.  If these are properly initialized, there is little or no danger of these ransomware attacks.

Most Solid State Drives or SSDs and many hard disk drives in laptops, desktops, and servers worldwide fall into this uninitialized category.  People worldwide use these SEDs today for boot drives, USB attached storage, and server storage.  Very few even know the danger.

And ransomware is not a thing of the past.  It continues.  An unsuspecting victim clicks on an email attachment, or something on the web, and his data is encrypted by the attacker. The attacker then demands a ransom payment to unlock his data.  Nobody is safe from a successful ransomware attack.  As one government official has remarked, it is not a question of “if” it is a question of “when.”

For over a decade these SED drives have been in distribution.  All too often, software does not properly initialize the drives to prevent ransomware attacks.  The hacker can then instantly employ the strong hardware drive encryption to encrypt the data on it.  As Dr. Robert Thibadeau of DTA remarks, “Notably, even Microsoft Bitlocker often does not detect the Self-Encrypting Drive, and will use Software Bitlocker.  Bitlocker then leaves the drive open to a ransomware attack that the guy didn’t expect.  The same is true for virus checkers and other security software.”

The Drive Trust Alliance (DTA) has introduced a small Windows program, for free, SEDProtect.exe.  This software will detect any vulnerable TCG Opal Self-Encrypting Drive connected to a computer.  SEDProtect is based on DTA Open Source which can also be downloaded for inspection.  See www.drivetrust.com/protect .  The protection is simple and easy as typing an owner password for the drive.  This need be done only once for the life of the drive.

To put these SEDs to safe use in USB Attached storage, DTA has introduced full featured software in DTA’s Personality Series of USB SEDs.  The USB Personality Series includes personal, small IT shop, family, archival, and forensic drives at the same low price. They are available on Amazon under “DTA hardware encrypting.”  Like SEDProtect, Personality Series USB software can also detect any other vulnerable USB drive that happens to be a TCG Opal SED, and will permit the owner to secure and manage that drive as well.

DTA urges everyone to check and protect their machines for TCG Opal SEDs.  DTA (www.DriveTrust.com) has an educational and technical mission to improve the adoption of hardware-encrypting storage.   Protected, the real owner of the drive can benefit from the self-encrypting drive’s amazingly strong privacy and security assurances.  Unprotected, ransomware wins.

Preempt Finds Flaw in Office 365 with Azure AD Connect Which Could Result in Domain Compromise

 Preempt, a leader in adaptive threat prevention that helps enterprises eliminate insider threats and security breaches, today announced its research team has uncovered a vulnerability with Microsoft Office 365 when integrated with an on-premises Active Directory Domain Services (AD DS) using Azure AD Connect software that unnecessarily gives users elevated administrator privileges, making them “stealthy”  administrators. Preempt provided responsible disclosure to Microsoft which has issued a customer security advisory today regarding the vulnerability.

Preempt discovered this surprising issue was occurring when customers were installing Microsoft Office 365 with Azure AD Connect software for on-premise AD DS integration (hybrid deployment). Preempt customers have been protected from this flaw since October by providing the in-depth defense with both alerting on stealthy administrators and real-time prevention when suspicious behavior is detected.

“Most Active Directory audit systems easily alert on excessive privileges, but will often miss users who have elevated domain privileges indirectly through domain discretionary access control list (DACL) configuration,” said Roman Blachman, CTO and co-founder at Preempt. “We refer to these users as stealthy admins. The majority of our customers’ have Office 365 hybrid deployments and almost every one of them were vulnerable to this because Azure AD Connect was installed in express settings and created this flaw.”

This discovered vulnerability points to a much larger issue as more companies move to the cloud. This vulnerability piles on to previously detected issues, including Microsoft Advisory 4033453, that has discovered an issue with writeback feature – granting Azure AD administrators complete control over on-premises AD DS infrastructure. Privileged users are often overlooked and are not managed correctly when synchronized with the cloud, due to limited toolset in comparison to the on-premises solutions. With the introduced cloud identity management, new management and security challenges are introduced.

By identifying stealthy administrative accounts through not-so-obvious delegation, Preempt helps enterprises ensure that privileged accounts are used consistent with corporate security policies. Unlike privileged identity management (PIM) or privileged access management (PAM) solutions that lack support for behavioral policy and adaptive response, Preempt is able to understand the full relational context of user identity and behavior allowing enterprises to not only identify such risks as MSOnline (MSOL) privilege escalations, but also detect and proactively prevent compromise of such accounts. Without Preempt’s real-time discovery, detection and enforcement, the possibility of a malicious attacker being able to gain domain administrator privileges through such vulnerabilities and cause damage, is significant for enterprises.

For organizations who need to determine if they are at risk of stealthy administrators in their organization either from cloud environments such as the Azure AD Connect account flaw or for other reasons, Preempt has developed a free tool, Preempt Inspector, that can provide a free enterprise health assessment for passwords, stealthy administrators and more.

The Free Preempt Inspector tool can be downloaded here: http://inspector.preempt.com.

BlackRidge Technology and MAD Security Partner to Deliver Next Generation Cyber Security Solutions to Government and Commercial Markets

 BlackRidge Technology International, Inc. (OTCQB:  BRTI), a leading provider of next generation cyber defense solutions, is pleased to announce a strategic partnership with MAD Security, LLC., a premier provider of cyber security solutions. The partnership provides a fully managed solution that protects enterprise networks and cloud services from today’s advanced cyber threats to federal agencies and commercial industries across the United States.

BlackRidge develops, markets and supports a family of products that provide next generation cyber security solutions for protecting enterprise and government networks, systems and cloud services. BlackRidge’s patented First Packet Authentication™ technology was developed for the military to cloak and protect servers and segment networks. Network and server resources are better protected and less vulnerable to compromise with BlackRidge in place.

MAD Security serves as an official reseller and integrator of BlackRidge Technology’s adaptive trust solution for cyber defense, providing both consulting and managed security services for BlackRidge products.

“We look forward to leveraging MAD Security’s expertise and extensive experience serving the Department of Defense, Department of Homeland Security, and civilian agencies,” said Scott Armstrong, Federal Director at BlackRidge Technology. “Our customers will benefit from having MAD Security integrate, deliver and manage a BlackRidge cyber defense solution.”

“We are very excited to begin this partnership with BlackRidge Technology as we pride ourselves in delivering next generation cyber security solutions to address today’s advanced cyber threats,” said Joe Delaney, Director of Federal Sales at MAD Security. “This is a substantial step in MAD Security’s aspiration to become an industry-leading cybersecurity integrator with strong products for the public sector. Reselling BlackRidge Technology’s cyber defense solution further strengthens MAD Security’s ability to serve customers in both the public sector and commercial markets.”