In 2014, Lastline published a blog titled “Web Security for Advanced Malware and Persistent Threats”. Four years later it remains a very popular post—describing how Lastline complements Secure Web Gateways (SWGs) to dramatically bolster web security—particularly against Advanced Persistent Threats (APTs).
A lot has changed since 2014. Complementing SWGs with enhanced protection is of course still necessary — even more so today than four years ago. What has changed is that the threat exposure has continued to increase. APTs are more common and dangerous than ever, and understanding how these threats have grown in complexity and sophistication is critical for those tasked with keeping their networks safe.
Fortinet has just released its Quarterly Threat Landscape Report for Q1 of 2018, and the numbers are interesting. While some of the most common threat indicators actually dropped during the quarter, the data also shows that attackers may simply be refining their technologies and methodologies.
Another interesting trend was the variety of attack vectors that were targeted. While Meltdown and Spectre dominated the headlines in Q1, and Microsoft continued to be the number one target for exploits, routers took the number two spot in total attack volume. Mobile malware has grown from a tiny risk just a few years ago to something over one in five organizations now report (up 7%, to 21%). At the same time, web-oriented technologies were also heavily hunted by cybercriminals. Another technology area under attack in Q1 was web Content Management Systems (CMS).
Understanding how malware works, and in particular, the strategies and tactics most often used by malware authors is vitally important for cybersecurity professionals. In other blog posts, Lastline provides a brief history of malware and basic malware types. In this post, we’ll look at some of the common methods that malware authors use to distribute, control, and hide malicious code.
LogRhythm, known as “The Security Intelligence Company,” has just released its annual benchmark survey, Cybersecurity: Perceptions & Practices, which measures cybersecurity perceptions and practices of organizations in the United States, United Kingdom, and Asia-Pacific regions. The impressive 28-page survey report, conducted by Widmeyer, surveyed 751 IT decision makers. It found that fewer than half of all organizations were able to detect a major cybersecurity incident within one hour. The survey also revealed that a majority of organizations are only moderately confident in their ability to protect their companies against hackers.
Adapting to the new digital economy requires organizations to not just retool their networks, but in many cases, core business processes as well. The creation, exchange, and analysis of data – about customers, products, and their usage – enables organizations to gain the insights they need to improve operational efficiency, business agility, and the customer experience.
The three pillars of digital business are automation, agility, and analytics. As the speed of business accelerates, critical processes need to occur at digital speeds, which means that human beings, and human error, need to be removed from many of the basic operations that support the organization. Automation allows critical personnel to be reassigned to higher-order projects that rely on real-time analysis of growing volumes of data in order to enable agile business.
Internet of Things (IoT) botnets have forever changed cyber-security. When an IoT botnet – which is a group of internet-connected computers, appliances or devices that have been co-opted to launch a cyber-attack – is unleashed, the results can be devastating.
Nearly any internet-connected device can be considered an IoT device. With humanity’s growing reliance on the internet, the number of devices capable of being hacked and used as part of a botnet has increased dramatically. By 2020, there will be over three IoT devices for every human on planet earth.
As a result, what was once the storyline for a science fiction movie (household appliances being hacked and turned against humanity) is now reality. From fish tanks to dishwashers to automobiles, here are seven of the strangest IoT devices that have been hacked in recent years.
The cybersecurity challenge centers around a fundamentally simple concept: Email keeps businesses running and stores critically important corporate and personal data, but email is also the top vector for cyberattacks. The cyberattack trends and numbers speak volumes:
Mimecast, a leading email and data security company, has helped build momentum recently by stressing the importance of having a cyber resilience strategy. Cyber resilience involves extending email security beyond a 100 percent prevention-centric approach. Instead, it encourages the adoption of a resilience-centric approach that applies threat prevention and adaptability to new types of threats, while combining built-in durability and rapid response.
In February 2018, several Russian nuclear scientists were arrested for allegedly mining cryptocurrencies using computing resources located at a Russian nuclear warhead facility. Globally, cryptominers are rapidly increasing and spreading for an obvious reason: it’s lucrative. Threat actors are also surfing this wave by using different kinds of attacks to compromise not only personal computers but also servers. They are looking for powerful CPU resources to mine cryptocurrencies, such as Monero (XMR), among others, as fast as they can. The more infected machines they can get mining for them, the more money they can make.
“50% of organizations use more than one public cloud infrastructure vendor, choosing between Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and a series of others”
In this blog post, we explore the history of cloud computing and security that has led us to our multi-cloud reality. Read it here.
In the post, we explore:
In today’s security space, we’re all too familiar with the challenges presented by industry-wide shortages in talent, budget, and dedicated security infrastructure. Many insights from the LogRhythm 2018 Cybersecurity: Perceptions & Practices benchmark survey confirm this common understanding, yet one finding cuts to the core of the issue: Less than half of all surveyed organizations are able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident they would be unable to contain it within an hour.