Canadian Companies See Increases in Attacks, Breaches, and Sophistication in the Last 12 Months
If you read the latest Canadian Threat Report from Carbon Black, the Canadians have it bad… really bad. With increases across the board, Canadian organizations are needing to step up their security game.
Cybercriminals don’t care what country their victim is in, as long as there is money to be made. And Canada is no exception. So, security vendor Carbon Black surveyed 250 CIOs, CTOs, and CISOs to better understand what the cyberattack landscape looks like and what trends are being experienced.
According to the report, Canadian organizations have had it rough over the last 12 months:
- 76% reported an increase in attacks
- 10% reported an increase in attacks of more than 100% over the previous 12 months
- 81% reported attacks have become more sophisticated
- 83% report being breached
- The average number of breaches is 3.2
As nice as the Canadians are, they are not just sitting back and taking it. The report highlights a few responses to all of these attacks:
- 59% are actively threat hunting
- 85% anticipate an increase in security spending
According to the report, the number one cause of successful breaches was phishing. This should come as no surprise, as phishing has long been sitting at the top of the attack vector food chain. The prevalence of phishing means Canadian organizations need to take some of that increased security budget and spend it in a way that will materially decrease the success of phishing attacks.
Employees are the weakest link in phishing attacks, being fooled by social engineering tactics, contextual details pulled from online intel-gathering, and a general lack of vigilance on the part of the employee. Organizations using Security Awareness Training along with phishing testing can elevate the employee’s understanding of why continual security awareness is necessary, what’s at stake, and how to protect themselves and the organization from phishing attacks that can result in malware infections, data breaches, and ransomware attacks.
The Canadians have realized they need to get serious about cyber security. Security Awareness Training needs to be a primary part of that strategy.
Voice Phishing Scams are Getting More Clever
This is a great article on just how good these scams are – even fooling those in the security industry. This is not someone contacting you claiming to be from Microsoft – the Windows and Linux division, nor the auto callers about the CRA or IRS issuing a bench warrant for your arrest – which most of us can definitely spot.
I encourage you to read the article in its entirety – then give us a call to discuss how an in-depth security awareness training program can assist.
KrebsOnSecurity – Voice Phishing Scams are Getting More Clever
New Sleeper Strain of SamSam Ransomware Bypasses AV And Stays Hidden On Your Network
The ransomware strain that crippled several cities and school districts in the U.S. earlier this year is back with more tricks up its sleeve to avoid detection.
If you haven’t heard of SamSam, you haven’t been paying attention. Just one example of the kind of destruction they can cause is the recent attack on the Colorado Department of Transportation which caused downtime for 2,000+ systems.
This new SamSam strain adds a human element to its already devious mix of evasive techniques to keep antivirus, endpoint, and even more advanced security software from detecting it.
SamSam avoids being discovered using sophisticated methods of constructing its payload and how it executes. In a recent blog, endpoint protection company Malwarebytes provides a detailed technical explanation of how this new variant of SamSam works.
Your Executive Summary
Your executive summary: this SamSam strain avoids detection using three advanced techniques:
- It decrypts the payload only at run-time, making it nearly impossible to identify and analyze.
- The loader, payload, and logs are wiped, leaving very few traces behind for any forensics or scanning tools.
- It requires a password to be entered by the threat actor to run in the first place.
It’s that last part of the attack that makes this latest strain so dangerous. Unlike most ransomware strains which are designed to spread automatically, this new strain of SamSam is designed for targeted attacks.
By requiring a password, the payload remains encrypted (and, therefore, an absolute secret), only woken up when and where the bad guys choose to unleash it in your network, all at the same moment to create the biggest impact and damage.
Do You Want The Good News Or The Bad News?
The good news is that, should users accidentally download this strain of ransomware, or your network is compromised via an RDP brute-force attack, the payload is harmless without the password to run it. The bad news is, should the SamSam gang decide that your organization is next up to be extorted, all your users will be sitting on their hands for possibly weeks if your backups fail.
Younger employees ‘main culprits’ for security breaches
UK senior decision makers believe younger workers are the biggest risk to cyber security, but are doing little to support them and reduce that risk, a report reveals
From ComputerWeekly.com – Warwick Ashford
More than a third of senior executives believe that younger employees are the “main culprits” for data security breaches in the workplace, a study shows.
However, the same decision makers are doing very little to allay their own fears: more than a third of 18 to 24 year olds are able to access any files on the company network, and less than half (43%) have access only to the files that are relevant to their work.
The study, conducted by Censuswide, sought the views of 1,000 next generation workers (18-24 year olds) and 500 decision makers in UK organisations.
The study examines how security, privacy and online behaviour at work impacts the lives of younger employees and the companies that they work for.
Password sharing tops the list of what keeps decision makers awake at night (56%), but 29% of younger workers reveal that they are in the driving seat when it comes to password changes, with their employers leaving it to them to decide when they need a password change. Furthermore 15% admit to sharing passwords with colleagues.
Asked how younger employees could negatively impact the workplace, 47% of decision makers worry about them sharing social media posts and the impact these could have on brand and reputation.
However, these concerns appear well founded with one in five workers saying they are not bothered about how their social media activity might affect their employers and 18% admitting that their posts could compromise employers’ security and privacy policies.
However, less than half say their company has social media guidelines in place, highlighting the need for strong social media access controls that follow the principles of a zero-trust approach to security, which assumes that users inside a network are no more trustworthy than those outside the network.
The “always on” approach to technology of younger workers with no experience of an off-line world further reinforces the need for robust security policies, the study report said. When it comes to this generation of workers, 40% of decision-makers are concerned about their misuse of devices, while 35% say they are too trusting of technology and 30% worry they share company data too easily.
While 79% of decision makers report having a strong security policy in place and 74% of them think that their employees abide by it, over a third (37%) feel that young workers are too relaxed about security policies.
Awareness of the dark web
Decision-makers also say the next generation of workers have a good awareness of the dark web (87%), underground hacking (79%) and crimeware. And although around half (48%) say they have strict guidelines in place for employees accessing these new “dark arts”, 39% feel they could be better.
“Some may think of younger workers as always online, always ready to share information and perhaps not being as concerned about privacy or security as perhaps older workers, but we must remember they are the business leaders of tomorrow and we must help not hinder them,” said Barry Scott, chief technology officer for Europe at Centrify.
“While it’s clear that employers are concerned about this new generation entering the workforce – and see them as a potential risk to both the business and brand – these same companies are perhaps guilty of not putting in place the right security processes, policies and technologies.
“If you give employees access to any information at any time from any place, or fail to enforce strict password and security policies, they are likely to take full advantage, putting both their own jobs at risk as well as the company itself,” he said.
According to Scott, the study shows it is time to discard the old castle and moat model of “trust but verify” because it does not work in today’s mobile-first, cloud-enabled world where employees can be anywhere and work on multiple devices.
“Traditional network perimeters are dissolving and security professionals must adopt a zero-trust security approach that assumes bad actors are already on the network,” he said. “With zero-trust, we verify every user, validate their device and limit their access to only the resources they need, and use machine learning to ensure the resulting improved security has no impact on efficiency.
“Let’s be clear that zero-trust is not saying we’ve lost trust in our employees, it actually provides an enabler to allow them to work exactly the same way wherever they are, and provides the company with a stronger security posture.”
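To make the contrast between the “castle and moat” model and the zero-trust model described above concrete, here is an added example (not code from the original article or from Centrify): a small access-decision function that ignores network location and instead verifies the user, validates the device, and scopes access to the user's allowed resources. The policy table, user names and sample requests are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed example: contrasts a perimeter ("castle and moat") decision,
# which trusts anything already inside the network, with a zero-trust
# decision that checks identity, device posture and least-privilege scope
# on every request regardless of where it originates.


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    inside_network: bool    # request originates from the corporate LAN
    authenticated: bool     # identity verified for this session (e.g. MFA passed)
    device_compliant: bool  # device passed posture validation


# Constructed least-privilege policy: each user may reach only the listed resources.
ALLOWED_RESOURCES = {
    "alice": {"finance/ledger", "shared/handbook"},
    "bob": {"shared/handbook"},
}


def perimeter_decision(req: Request) -> bool:
    """Castle-and-moat: being inside the network is the only check."""
    return req.inside_network


def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Verify the user, validate the device, then limit access to the user's scope.

    Network location is deliberately not consulted: an attacker already on the
    LAN gets no advantage, and a fully verified remote user is not penalised.
    """
    if not req.authenticated:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.resource not in ALLOWED_RESOURCES.get(req.user, set()):
        return False, "resource outside user's allowed set"
    return True, "allowed"


def compare(requests: list[Request]) -> list[tuple[str, str, bool, tuple[bool, str]]]:
    """Return each request with the verdict of both models side by side."""
    return [
        (r.user, r.resource, perimeter_decision(r), zero_trust_decision(r))
        for r in requests
    ]


# Constructed sample requests covering the cases the two models disagree on.
SAMPLE = [
    Request("alice", "finance/ledger", True, True, True),    # inside, verified, in scope
    Request("bob", "finance/ledger", True, True, True),      # inside, but out of scope
    Request("alice", "finance/ledger", True, True, False),   # inside, non-compliant device
    Request("alice", "shared/handbook", False, True, True),  # remote, but fully verified
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The second and third requests are the ones the perimeter model waves through and the zero-trust check refuses (out-of-scope resource, failed device posture); the fourth is the reverse, a verified remote user whom the perimeter model would have blocked.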
Extra mentoring needed
The study report concludes that while managers’ assumptions that next-generation workers are the root of cyber security problems in the workplace may be overstated, there are some areas, such as social media use and password management, where younger workers do need extra mentoring.
Decision makers can do more to address this problem, the report said, by putting technical controls in place, refining security policies and communicating them effectively to employees.
However, according to the report, leadership and the need for decision makers to set a good example are equally important. “If managers can demonstrate a commitment to security through their own policies and actions, then the next-generation workforce will surely follow,” the report said.
Almost all businesses report being hit with an email-borne attack, survey finds
The almost total pervasiveness of phishing scams and other email-based attacks can be seen in a recent survey, which found that almost 90 percent of cybersecurity executives said their company was hit with an attempted or successful email-based cyberattack in the last year.
The Barracuda survey found employers are experiencing more email attacks, with 81 percent seeing an increase in the last year and 25 percent of those describing the increase as dramatic. Mitigation costs are rising in step: 81 percent saw a jump in cost, with 22 percent describing the price as rising dramatically.
The price that must be paid in the wake of an attack is not just monetary. Sixty-seven percent of those surveyed said an email incident forced their IT team to divert needed resources from other priorities to deal with an attack; 61 percent said employee productivity was interrupted, and 10 percent reported that their firm’s reputation took a hit.
Having sensitive corporate information stolen was judged to be the most costly kind of attack, followed by ransomware and business email compromise. When it came to recovering from a ransomware attack 12 percent of the companies decided their only option was to pay the ransom with the remaining 88 percent declining to do so. Interestingly, enterprise-size businesses were more likely to pay compared to small and medium-size operations.
“Based on how pervasive ransomware attacks have become, along with the accompanying media coverage, it’s somewhat surprising to see such a small percentage of companies paying. Perhaps it’s actually a glimmer of hope: maybe organizations had comprehensive backup solutions in place and were able to rapidly recover critical data without paying,” the report stated.
Thirty-five percent of the surveyed executives said their firm had been hit with a ransomware attack in the last year, with 75 percent of those individuals saying the malware was delivered via email, 32 percent from the web and 23 percent through network traffic.