Category Archives: Cyber Attacks

Chuck Leaver – These Cyber Readiness Items Need To Be On Your List

Presented by Chuck Leaver, Chief Executive Officer, Ziften Technologies. Written by Dr Al Hartmann.

 

1. Security Operations Center (SOC).

You have an established Security Operations Center with 24/7 coverage, whether in-house, outsourced, or a combination of the two. You do not want any gaps in coverage that could leave you open to infiltration. Handovers between watch supervisors need to be formalized, with appropriate handover reports provided. The supervisor will provide a daily summary covering any attack detections and defensive countermeasures. Where possible, attackers should be identified and differentiated by C2 infrastructure, attack method, etc., and given codenames. You are not trying to attribute attacks here, as this would be too difficult, but simply noting any attack activity patterns that correlate with different attackers. It is important that your SOC staff familiarize themselves with these patterns and are able to tell attackers apart, or perhaps spot new ones.

2. Security Vendor Support Readiness.

Your security staff cannot know every aspect of cyber security, nor do they have visibility of attacks on other organizations in the same market. You need to have external security support teams on standby, which could include the following:

(i) Emergency response team support: This is a list of providers that will respond to the most severe cyber attacks, the kind that are headline material. You must ensure that one of these vendors is ready for a major threat, and they must receive your cyber security reports regularly. They should have legal forensic capabilities and working relationships with law enforcement.

(ii) Cyber threat intelligence support: This is a supplier that gathers cyber threat intelligence in your vertical, so that you can get ahead of the threats that are emerging in your vertical. This team needs to be plugged into the dark net, searching for any indications of your organizational IP being mentioned or chats between hackers discussing your company.

(iii) IoC and blacklist support: Because this covers several areas, you will need several vendors. This includes domain blacklists, SHA1 or MD5 blacklists, IP blacklists, and indicators of compromise (suspect config settings, registry keys and file paths, etc.). Some of your installed network or endpoint security products may be able to provide these, or you can designate a third-party specialist.

(iv) Reverse engineering support: A supplier that focuses on the analysis of binary samples and provides detailed reports on their content, any possible threat, and the malware family. Your current security suppliers might provide this service and specialize in reverse engineering.

(v) Public relations and legal support: If you were to suffer a significant breach, you have to make sure that public relations and legal support are in place so that your CEO, CIO and CISO do not end up as a case study for Harvard Business School students learning how not to deal with a major cyber attack.

3. Inventory of your assets, classification and preparedness for security.

You have to make sure that all of your cyber assets are inventoried, their relative value is classified, and value-appropriate cyber defences are in place for each asset category. Do not rely entirely on the assets that are known to the IT group; enlist a business unit sponsor for asset identification, particularly for assets hidden in the public cloud. Also ensure crucial management procedures are in place.

4. Attack detection and diversion readiness.

For each of the major asset classifications you can create replicas using honeypot servers, to lure cyber criminals into attacking them and revealing their attack methods. When Sony was infiltrated, the hackers discovered a domain server that had a file named ‘passwords.xlsx’ which contained cleartext passwords for the servers of the business. This was a good ruse, and you should use these tactics in enticing locations and alarm them, so that alarms sound the instant they are accessed, meaning that you have an instant attack intelligence system in place. Modify these lures frequently so that they appear active and do not look like an obvious trap. As most servers are virtual, hackers will not be as prepared with sandbox evasion methods as they would be with client endpoints, so you may be lucky and actually see the attack occurring.
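The alarmed lure described above can be sketched as a check over file-access audit events. This is an added example, not code from the original article; the decoy paths, the `svc-lure-refresh` account, the 30-day refresh policy and the log format are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed decoy inventory: (host, path) -> when the lure was last modified.
DECOYS = {
    ("dc01", "/share/it/passwords.xlsx"): datetime(2024, 5, 1, 2, 0),
    ("fs02", "/finance/vpn-accounts.txt"): datetime(2024, 1, 10, 2, 0),
}
REFRESH_ACCOUNTS = {"svc-lure-refresh"}  # hypothetical lure-maintenance account
MAX_LURE_AGE = timedelta(days=30)        # assumed refresh policy

# Constructed audit events: timestamp|host|user|operation|path
SAMPLE_EVENTS = """\
2024-05-02T02:00:11|dc01|svc-lure-refresh|WRITE|/share/it/passwords.xlsx
2024-05-02T09:14:03|dc01|jsmith|READ|/share/it/onboarding.docx
2024-05-02T23:41:57|dc01|backup-adm|READ|/share/it/Passwords.xlsx
2024-05-03T00:02:19|fs02|backup-adm|READ|/finance/vpn-accounts.txt
malformed line without enough fields
"""


def parse_event(line):
    """Return an event dict, or None for blank or malformed lines."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        return None
    ts, host, user, op, path = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return {"time": when, "host": host.lower(), "user": user,
            "op": op.upper(), "path": path}


def decoy_alerts(log_text, decoys=DECOYS, refreshers=REFRESH_ACCOUNTS):
    """Any touch of a decoy by anyone but the refresh job is an alert."""
    index = {(h.lower(), p.lower()) for h, p in decoys}
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        # Compare case-insensitively: "Passwords.xlsx" is the same lure.
        if (ev["host"], ev["path"].lower()) not in index:
            continue
        if ev["user"] in refreshers and ev["op"] == "WRITE":
            continue  # expected maintenance that keeps the lure looking active
        alerts.append(ev)
    return alerts


def stale_lures(now, decoys=DECOYS, max_age=MAX_LURE_AGE):
    """Lures not modified within max_age look abandoned and need refreshing."""
    return sorted(path for (_, path), modified in decoys.items()
                  if now - modified > max_age)


if __name__ == "__main__":
    for a in decoy_alerts(SAMPLE_EVENTS):
        print(f"ALERT {a['time'].isoformat()} {a['user']} {a['op']} "
              f"{a['host']}:{a['path']}")
    print("stale lures:", stale_lures(datetime(2024, 5, 3)))
```

Because no legitimate user has a reason to open a decoy, the rule needs no threshold or baseline: a single event is enough to page the SOC.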

5. Monitoring preparedness and continuous visibility.

Network and endpoint activity must be monitored continuously and be made visible to the SOC team. Because many client endpoints are mobile and therefore beyond the organization's firewall, activity at these endpoints should also be monitored. Endpoint monitoring is the only reliable way to carry out process attribution for monitored network traffic, because protocol fingerprinting at the network level cannot always be trusted (it can be spoofed by cyber criminals). Monitored data should be saved and archived for future reference, as a number of attacks cannot be identified in real time. You will need to rely on metadata more often than on full packet capture, because the latter imposes a significant collection overhead. However, a number of dynamic risk-based monitoring controls can keep collection overhead low while still responding to major risks with more granular observations.
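Process attribution of the kind described above amounts to joining network flow metadata to endpoint socket telemetry. The sketch below is an added example, not code from the original article; the record layouts, addresses, process names and the 5-second skew allowance are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed flow metadata as a network sensor would record it. All three
# flows carry the same network-level label, which the sender controls.
FLOWS = [
    ("2024-05-02T10:00:01", "10.1.4.23", 50112, "203.0.113.10", 443, "https"),
    ("2024-05-02T10:00:05", "10.1.4.23", 50113, "198.51.100.7", 443, "https"),
    ("2024-05-02T10:03:40", "10.1.4.99", 40000, "198.51.100.7", 443, "https"),
]
# Constructed endpoint telemetry: (time, local ip, local port, pid, image).
SOCKETS = [
    ("2024-05-02T08:15:00", "10.1.4.23", 50113, 3010, "outlook.exe"),
    ("2024-05-02T10:00:00", "10.1.4.23", 50112, 4120, "chrome.exe"),
    ("2024-05-02T10:00:04", "10.1.4.23", 50113, 7788, "invoice_viewer.exe"),
]
MAX_SKEW = timedelta(seconds=5)  # assumed clock skew between sensor and agent


def attribute(flows=FLOWS, sockets=SOCKETS, max_skew=MAX_SKEW):
    """Join each flow to the socket-open event for the same source ip/port.

    Ephemeral ports are reused, so the match must also be close in time;
    the nearest event within max_skew wins. Flows with no match come from
    hosts without endpoint coverage and are returned as unattributed.
    """
    by_endpoint = {}
    for ts, ip, port, pid, image in sockets:
        by_endpoint.setdefault((ip, port), []).append(
            (datetime.fromisoformat(ts), pid, image))
    results = []
    for ts, src, sport, dst, dport, label in flows:
        start = datetime.fromisoformat(ts)
        candidates = [(abs(start - t), pid, image)
                      for t, pid, image in by_endpoint.get((src, sport), [])
                      if abs(start - t) <= max_skew]
        if candidates:
            _, pid, image = min(candidates)
        else:
            pid, image = None, None
        results.append({"src": src, "dst": dst, "dport": dport,
                        "label": label, "pid": pid, "image": image})
    return results


def by_destination(results):
    """Group attributed process images per destination for SOC review."""
    view = {}
    for r in results:
        view.setdefault(r["dst"], set()).add(r["image"] or "unattributed")
    return view


if __name__ == "__main__":
    for dst, images in sorted(by_destination(attribute()).items()):
        print(dst, sorted(images))
```

The third flow stays unattributed because its source host reports no endpoint telemetry, which is itself a visibility gap worth tracking.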

All Organizations Need To Protect Themselves After Bank Attacks – Chuck Leaver

Written by Chuck Leaver, Ziften CEO

 

The world of global hacking includes so many cyber criminals that it would be difficult to name them all. Nevertheless, some hacking collectives make their voices heard louder than the others, and a good example of this is the Anonymous group. Formed primarily as a loosely assembled hacking group, Anonymous will on occasion perform high-profile attacks, using the hacking know-how of its members to make life hard for federal governments and large corporations. Digital Journal has reported that Norwegian banks have become a target of the Anonymous group.

Anonymous Make All Of Their Cyber Attacks Simultaneously As A Show Of Force

Anonymous is a group that likes to use cyber attacks to show the world the power that it has. It surprised nobody that the Norwegian part of Anonymous decided to attack a number of the nation’s banks; the decision was also made to infiltrate all of the banks at the same time. At a set time on the same day, eight of Norway’s largest banks were attacked by the group, and this caused the electronic banking services of the eight banks to be severely disrupted.

Supervisor of the Evry security team, Sverre Olesen, stated “the degree of the attack is not the greatest we have actually seen, but it is the first time that such an attack has actually hit many main firms in the financial sector in Norway”.

Apart from demonstrating the power that the Anonymous group possesses, the fact that all of the attacks occurred at the same time shows that cyber crime is becoming more of a collective effort, with hackers collaborating to compare notes and presenting a united force against selected targets. Any company is susceptible to this.

They Enjoy Remaining in The Limelight

Most cyber criminals are not looking for any publicity; they simply want to take money quickly and get in and out fast. But the Anonymous group enjoys being in the spotlight, even though there is no public link to any particular individual.

According to allvoices, after the cyber attack on the Norwegian banks Anonymous wasted no time in publicly taking credit for it. The cyber attacks on the banks not only disrupted the online payment platforms but also created severe problems for the banks’ customers.

This attack by Anonymous underlines the need for all companies to implement endpoint threat detection and response systems that will protect them from the same devastating events.

 

Layered Security Protection Would Have Prevented Bank Attacks – Chuck Leaver

Chuck Leaver, Ziften CEO, writes

 

There have been a number of cyber attacks on ATMs which have allowed criminals to take millions of dollars. To combat this risk, financial companies need to understand the different aspects of cyber security and the reasons behind their use. Financial data will always be highly desirable to cyber criminals, as most want to make money fast, which means that consumer financial records and ATMs are both at risk. To implement the right security measures, financial organizations have to understand the layers that they need to keep the criminals away.

Sadly, unlike with the mythological monsters of legend, there isn’t a single weapon in the security toolbox that can protect a server from being hacked. There are no cure-all applications to stop hacking. To best protect the online servers of ATMs and banks, financial organizations will need to use a number of different techniques to keep their information protected. According to PC World, the hackers that penetrated the ATMs did so using malware that was very hard to find. Banks have to use endpoint security, because cyber criminals can try to infiltrate systems by creating hacking tools that threaten bank security through the computer systems used by bank tellers. This gives them plenty of options for penetrating the ATM network.

A Human Eye Is Required With Modern Day Security

The days when firewalls and automated services were enough to keep hackers at bay are gone. Banks should be using endpoint threat detection and response systems to keep out cyber criminals. An article on CRN.com about US bank accounts being penetrated by cyber criminals from Russia shows the destructive impact that hackers can have on banks that are not effectively protected. The use of security staff 24/7, with products supplied by security companies, is one way to make sure that a network is not compromised, but it is only one piece of the security puzzle.

There needs to be a change in organizational culture so that strong passwords are adopted and a policy that values security is introduced, one that prevents people from bringing USB drives and other computer devices to the office without authorization. This and other policies that prevent malicious elements from infiltrating a server are all crucial. A malware attack can be stopped earlier with the use of endpoint security. The use of stronger locks, so that the criminals could not break through and install the malicious software, would also have helped.

By using different security layers to keep cyber criminals out of its networks, an organization will buy time for humans to recognize and stop threats before any damage is caused. A passive security system that reacts too late is not sufficient to provide the high levels of security that organizations need to keep their data safe.

 

 

Chuck Leaver – The Ramifications Of Malware Threats Can Be Huge

By Chuck Leaver, Ziften CEO

 

There have been a number of developments in the area of cyber security, and it is more important now than ever that companies work together. There will always be the worry of exposed secrets and the loss of financial data, and a number of malware strains are proving to be truly insidious and devastating for companies. The oil and gas sector and the financial industry have to be concerned about their relationships with a broad range of companies that are customers and suppliers, and what a cyber attack on any of those would mean for their own business. A cyber attack affects not just the company that has been attacked but also its customers and others that deal with those customers.

When endpoint threat detection software is combined with anti-malware, firewalls, and encryption services, it can be vital for combating a wide range of threats. Combined, these systems are a real force when it comes to identifying and trapping any malicious code that tries to infiltrate an organization’s servers. To use a metaphor, the company’s security officer in control of this combination is the spider, able to respond to subtle changes through endpoint threat detection and response software that tells the officer when something is happening on the servers. While anti-malware software, firewalls and encryption all provide points at which it is difficult for malicious traffic to make a move on a server, the spider is the element that ultimately eliminates the infiltration. The human element is required because some malicious traffic will be aware of many of the traditional security systems in place to protect against attacks. Human intelligence is needed to respond to malware as it tries to penetrate an organization’s network, and to fix the problem.

 

Understanding Cyber Attacks And Their Influence on Partners

 

It is true that many financial and oil and gas organizations invest a great deal of money in cyber security because they understand the big risks of having customer data stolen, or experiencing an equipment malfunction, or both, but there are further ramifications. If a major bank suffered a breach, this could significantly damage customer trust in the banking system and result in economic collapse. According to Eagleford Texas, there are some factors out there, such as BlackEnergy, that are intent on infiltrating United States energy systems and destabilizing critical financial institutions within the borders of the USA. If this is true, banks have to implement endpoint threat detection and response systems as a way of monitoring even subtle changes on their network.

The rapid pace of technological development will always raise concerns about cyber security. The Human-Centric Security Initiative at the University of New Mexico has pioneered the development of real cyber security awareness among the professionals whose job it is to limit the damage that cyber attacks can cause. This charge is led by companies that have a combination of endpoint threat detection software, antivirus and anti-malware suites, firewalls, and encryption services. If a critical service such as electronic banking is compromised, the ramifications go beyond data theft and affect people’s lifestyle. The financial sector has a huge responsibility to safeguard customer records, as it is the custodian of their funds.

 

Chuck Leaver – Understand The Real Cost And Potential Impact Of Cyber Security

Written by Chuck Leaver, Ziften CEO

 

Almost all organizations understand that they need to invest in cyber security, but they are never sure what they need to spend or why they should be spending it. The idea that they might face a cyber attack on one of their servers and have sensitive information stolen is something that every organization has to contend with, but exactly what kind of attack the hacker would use and how the organization can protect itself is not so clear.

The bottom line is that total digital protection is hard to achieve, and media reports about cyber attacks never give details of how the attack occurred. If this information were shared by the media, it could set off copycat cyber attacks. At the same time, media coverage of cyber attacks tends to leave out some fundamental information, such as the fact that the majority of data theft occurs by finding a way past a login page and not by getting past all of the computer network security measures.

Endpoint threat detection and response systems are so important to a company because they provide information about cyber attacks as they are occurring, which gives the company a chance to fend off the intrusion. This is in contrast to previous endpoint threat response systems, which were only able to respond after the attack. They were more like a brick wall that a hacker could get around in time. The new endpoint systems prevent cyber criminals from building an attack on a simulation of a network using servers in their home and then replicating it to infiltrate an organization’s network. The new endpoint systems watch continuously and offer a human intelligence option that can remove hackers from the network and repair any damage to files that have been compromised.

 

There Is Such A Need For This Software Today

 

The financial losses that an organization can face if it does not apply the right cyber security are significant. Some companies are at the greatest risk because they do not use cyber security at all. There is a rule of thumb that states that if an organization employs 50 people then it should budget $57,600 per year for cyber security. If the organization is larger then this would rise proportionally, according to Businessweek. Many organizations are underinvesting in cyber security because they do not fully understand the implications of data theft and how it can cost them millions of dollars, without even factoring in the intangible cost of damage to the company’s reputation.

The best investment a company can make in cyber security is to encrypt all communication lines and implement antivirus, anti-malware and a cutting-edge endpoint threat detection and response system. These are the essential components of a security system that is capable of defending against a range of risks. If a company does not use a combination of security systems, it can be caught unaware by a cyber attack it had not considered. It is important that all aspects of cyber security are considered when building a network defense, and all sensitive data should be stored on servers and not on personal computer disk drives. There are many ways that an organization’s infrastructure can be attacked, and preparing for these can help companies make the changes that they need to. The security of an organization’s network is probably the most important factor in keeping data safe. An enclosed, cyber-secure network allows administrators to let their staff work freely.

 

 

Don’t Make A Secret Out Of Cyber Attacks – Chuck Leaver

From The Desk Of Chuck Leaver Ziften CEO

 

A business suffers a cyber attack. The system administrators discover the attack, they want to know more about it, and they send their IT team to try to stem the attack and recover lost data. This is exactly what happens after many companies have been breached, but then the business typically fails to take the next important step: proactively informing its customers that it has experienced a cyber attack. There have been many cases where it has been difficult to get a business to reach out to its customers, and it takes a lot more time and risk than it should.

According to the Portland Press Herald, there is now a tendency for businesses that have been breached simply not to want to tell those affected by the attack, their customers, that it took place. The reason that businesses do not want to tell their customers is entirely selfish. They are concerned that the reputation of their company will be damaged if they tell the world about the attack, so they always want to keep this news in house. Both Target and Neiman Marcus did this and waited far too long to tell their customers that they had been victims of a cyber attack.

 

It Is Simply Counterproductive To Keep Cyber Attack News From Your Customers

 

It is completely careless to hold back on informing your customers about a cyber attack, and it can also work against you. If there is a long gap between the attack occurring and the business admitting that it took place, it can appear that the business is being dishonest and is not competent to safeguard customer data. Despite this, businesses that have experienced an attack continue to withhold this information from their customers. JP Morgan Chase was an example, with a delay of around 4 months before it told its customers that it had suffered a significant cyber attack. U.S. Public Interest Research Group consumer program director, Ed Mierzwinski, said there is a lot of work to do when it comes to informing customers that a breach has occurred.

He said that clearing your name was a “nuisance”. He likewise said that it takes a lot of time and the business does not get paid for doing this.

In spite of the time and effort involved, it is essential that businesses adopt a complete recovery procedure and that they inform their customers about the cyber attack every step of the way. If the idea of telling your customers that you have been attacked does not appeal, then you can prevent attacks from occurring in the first place. If a stringent endpoint detection and response system is implemented, a company can safeguard its network and be sure that it will not suffer a cyber attack and put its customer data at risk.

 

 

 

 

 

 
