AWS-Cloud-Security-Consulting.jpg

CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS

CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.

CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Microsoft Focuses on Kernel-Level Security After CrowdStrike Incident

What This Means for You

In the wake of a recent security incident involving CrowdStrike, Microsoft is making significant changes to its security strategy, focusing more intently on kernel-level protection. This shift highlights the growing importance of advanced security measures to protect systems against sophisticated threats.

The CrowdStrike Incident: A Catalyst for Change

CrowdStrike, a prominent cybersecurity firm, experienced a high-profile breach that underscored vulnerabilities in current security models. The incident revealed that even well-defended systems could be compromised if kernel-level protections were not sufficiently robust. This breach has prompted Microsoft to reevaluate and enhance its security approach to address these critical vulnerabilities.

What is Kernel-Level Security?

Kernel-level security involves implementing protective measures directly within the core of the operating system. The kernel is the central component that controls all system operations, making it a prime target for attackers. By fortifying security at this level, organizations can better defend against advanced threats that attempt to exploit system weaknesses.

Microsoft’s renewed focus on kernel-level security aims to address these challenges by:

  • Enhancing Protection Against Rootkits: Rootkits operate at the kernel level to hide malicious activities. By strengthening kernel defenses, Microsoft aims to prevent these sophisticated threats from gaining a foothold.

  • Improving System Integrity: Kernel-level security helps ensure that the core system remains unaltered and secure, protecting against unauthorized modifications and potential exploits.

  • Implementing Advanced Threat Detection: New technologies and techniques at the kernel level can detect and respond to threats more effectively, providing an additional layer of defense against sophisticated attacks.

Why Kernel-Level Security Matters

The shift to kernel-level security reflects a broader trend in cybersecurity where traditional measures are no longer sufficient to counter emerging threats. Kernel-level defenses offer several key advantages:

  • Deep Visibility: They provide a more granular view of system operations, enabling more precise detection and response to threats.

  • Enhanced Resilience: By securing the core of the operating system, organizations can better withstand attempts to compromise their systems.

  • Reduced Attack Surface: Strengthening kernel-level security reduces the potential points of entry for attackers, making it more challenging for them to exploit vulnerabilities.

What This Means for Your Organization

For organizations looking to bolster their security posture, Microsoft's shift to kernel-level protection serves as an important lesson. It highlights the need for advanced security strategies and the importance of staying ahead of evolving threats.

To effectively implement kernel-level security and other advanced measures, consider partnering with a cybersecurity expert like CyberSecOp. Our team can help you navigate these changes, ensuring that your systems are protected against the latest threats. By integrating cutting-edge security technologies and practices, we can provide visibility into every connection and safeguard your organization against potential breaches.

Conclusion

The CrowdStrike incident has been a pivotal moment in the cybersecurity landscape, driving significant changes in how companies approach system security. Microsoft’s increased focus on kernel-level protection represents a proactive response to these evolving threats, offering a model for other organizations to follow.

As cybersecurity challenges continue to evolve, investing in advanced security measures and partnering with experts like CyberSecOp is essential for maintaining a robust defense. By staying informed and adapting to new security paradigms, you can better protect your organization and ensure its resilience against future threats.

 

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Exclusive: The U.S. to Ban U.S. Sales of Kaspersky Software Over Russia Ties

In a significant move aimed at addressing growing concerns over cybersecurity and national security, multiple sources have confirmed, the United States Department of Commerce is set to announce a ban on selling Kaspersky software in the United States, according to a source familiar with the matter. The decision is expected to be formally announced later today amid heightened tensions between the United States and Russia.

A Preemptive Strike on Cybersecurity Threats

Kaspersky Lab, a Moscow-based cybersecurity and anti-virus provider, has been under intense scrutiny from U.S. officials for years due to its alleged ties to the Russian government. Despite Kaspersky's repeated denials of inappropriate connections, concerns have persisted about the potential for its software to be used for espionage or other malicious activities.

The Biden administration's decision reflects an ongoing effort to safeguard American digital infrastructure from potential foreign threats. This move follows a series of recent cyber incidents attributed to state-sponsored actors, highlighting the vulnerability of critical systems and the importance of proactive measures. 

Implications for Businesses and Consumers

The ban on Kaspersky software sales in the U.S. is expected to have wide-reaching implications for businesses and consumers. Organizations that currently use Kaspersky products will need to transition to alternative cybersecurity solutions, a process that could be both costly and time-consuming. For individual users, the decision underscores the importance of being vigilant about the origins and security of the software they rely on. 

Industry Reactions and Next Steps

Reactions from the cybersecurity industry have been mixed. Some experts applaud the administration's decisive action, viewing it as necessary to protect national security. Others, however, caution that the ban could have unintended consequences, such as escalating tensions between the U.S. and Russia or pushing malicious actors to develop even more sophisticated attack methods.

In the coming days, the administration is expected to provide further details on implementing the ban, including guidelines for organizations currently using Kaspersky products. The Department of Homeland Security and other relevant agencies will likely issue recommendations and support to help businesses navigate the transition. 

A Continuing Saga in U.S.-Russia Relations

The ban on Kaspersky software sales is the latest chapter in the complex and often fraught relationship between the United States and Russia. As cybersecurity threats continue to evolve, the U.S. government will likely remain vigilant, taking additional steps to protect the nation's digital landscape.

 

Stay tuned for more updates as this story develops.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Russian Cyber Spy Group APT28 Backdoors Cisco Routers via SNMP

Russian-aligned cyber groups are seeking to target Western infrastructure, including Russian cyber spy group APT28 backdoors Cisco routers via SNMP

The UK's National Cyber Security Centre (NCSC) has warned that Russian-aligned cyber groups are seeking to target critical infrastructure in the West. The NCSC said that these groups are motivated more by ideology than by money, and that they pose a potential risk to crucial infrastructure systems in Western countries, especially those that are "poorly protected."

The NCSC said that the groups often focus on denial-of-service attacks, defacing websites and spreading misinformation. However, some of the groups have stated a desire to achieve a more disruptive and destructive impact against Western critical national infrastructure, including in the UK.

Without outside assistance, it is unlikely that the groups "have the capability to deliberately cause a destructive, rather than disruptive, impact in the short term." However, the NCSC warns that the groups may become more effective over time, and that organizations "act now to manage the risk against successful future attacks."

The NCSC has issued a number of recommendations to organizations to help them protect themselves from these threats. These include:

  • Keeping software up to date

  • Using strong passwords and multi-factor authentication

  • Implementing a robust incident response plan

  • Raising awareness of cyber security threats among employees

The NCSC also encourages organizations to report any suspicious activity to the NCSC or their local law enforcement agency.

The NCSC's warning comes as the UK and its allies continue to impose sanctions on Russia in response to its invasion of Ukraine. The NCSC said that the sanctions are likely to further motivate Russian-aligned cyber groups to target Western infrastructure.

The NCSC's warning is a reminder that cyber security is a top priority for organizations of all sizes. By taking steps to protect themselves from cyber threats, organizations can help to mitigate the risk of disruption and damage.

In addition to the NCSC's warning, it has also been reported that Russian cyber spy group APT28 has been backdooring Cisco routers via SNMP. APT28, also known as Fancy Bear or Sednit, is a Russian state-sponsored hacking group that has been linked to a number of high-profile cyberattacks, including the 2016 Democratic National Committee email hack.

The backdoor in Cisco routers is believed to have been used by APT28 to gain access to networks and steal sensitive data. The backdoor was discovered by researchers at Cisco Talos, who have released a report on the vulnerability.

The vulnerability is a remote code execution (RCE) vulnerability that affects Cisco IOS 15.2 and earlier versions. The vulnerability can be exploited by an attacker who can send a specially crafted packet to a vulnerable router.

Cisco has released a patch for the vulnerability. Organizations that are using Cisco IOS 15.2 or earlier versions should apply the patch as soon as possible.

The discovery of the backdoor in Cisco routers is a reminder that cyber threats are constantly evolving. Organizations need to be aware of the latest threats and take steps to protect themselves.

This vulnerability is one of several SNMP flaws that Cisco patched on June 29, 2017. Its exploitation requires an attacker to be able to access the vulnerable SNMP OID. For this, they first need to know the SNMP read-only credential, but these are not always hard to find.

Here are some tips for protecting your Cisco routers from this vulnerability:

  • Keep your software up to date. Cisco has released a patch for this vulnerability. Organizations that are using Cisco IOS 15.2 or earlier versions should apply the patch as soon as possible.

  • Use strong passwords and multi-factor authentication. Make sure that your SNMP credentials are strong and that you are using multi-factor authentication.

  • Implement a robust incident response plan. Have a plan in place in case your network is compromised. This plan should include steps for containing the breach, notifying affected parties, and recovering from the attack.

  • Raise awareness of cyber security threats among employees. Make sure that your employees are aware of the latest cyber threats and how to protect themselves.

In conclusion, the discovery of the backdoor in Cisco routers is a reminder that cyber threats are constantly evolving. Organizations need to be aware of the latest threats and take steps to protect themselves. By taking steps to protect yourself from cyber threats, you can help to mitigate the risk of disruption and damage.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Known Cyber Espionage Group and Advanced Persistent Threats (APTs)

The primary purpose of cyber espionage groups and advanced persistent threats (APTs) is to gather sensitive information covertly from target organizations or individuals. This information can include a wide range of data, such as intellectual property, trade secrets, military plans, political intelligence, and more.

APTs are called "advanced" because they use advanced tactics and techniques to infiltrate and compromise target systems. They are called "persistent" because they often maintain a long-term presence on a target's systems to continue gathering information.

Cyber espionage groups and APTs are often sponsored by governments or other organizations, and they may target a wide range of sectors, including government, military, finance, and more. The information they gather can be used for various purposes, including military advantage, economic gain, and political leverage.

Here are a few things you will need to know to understand this blog:

  • Compromise: When a system or network is compromised, an unauthorized party has gained access to it. This could be due to a security vulnerability or a successful cyber attack.

  • Cyber espionage: Cyber espionage refers to the practice of collecting sensitive information covertly through the use of computer networks and the internet, often for military or political purposes.

  • Exploit: An exploit is a vulnerability or weakness in a computer system, network, or application that can be exploited by an attacker to gain unauthorized access or perform other malicious actions.

  • Ransomware: Ransomware is malware that encrypts a victim's files, making them inaccessible until a ransom is paid to the attacker.

  • Breach: A breach is an incident in which a security system or protocol has been successfully attacked or bypassed.

  • Phishing: Phishing is a type of cyber attack that involves tricking people into revealing sensitive information, such as login credentials or financial information, by pretending to be a legitimate entity. This is often done through fake emails or websites.

Known Cyber Espionage Group and Advanced Persistent Threats

There are many known cyber espionage groups and advanced persistent threats (APTs) that have been identified by cybersecurity researchers. Some examples include:

  • APT1 (also known as Comment Crew or Shanghai Group): A Chinese APT that has been active since 2004 and has been linked to several high-profile cyber espionage campaigns.

  • APT28 (also known as Fancy Bear or Sofacy Group): A Russian APT that has been active since at least 2007 and has been linked to cyber espionage campaigns against governments, military organizations, and other high-value targets.

  • APT29 (also known as Cozy Bear or The Dukes): Another Russian APT that has been active since at least 2008 and has been linked to cyber espionage campaigns against a wide range of targets, including government agencies, think tanks, and political organizations.

  • APT3 (also known as Gothic Panda or UPS Team): A Chinese APT that has been active since at least 2010 and has been linked to cyber espionage campaigns against a wide range of targets, including governments, military organizations, and businesses.

  • APT10 (also known as Stone Panda or MenuPass Group): A Chinese APT that has been active since at least 2010 and has been linked to cyber espionage campaigns against a wide range of targets, including governments, military organizations, and businesses.

Cyber Espionage Group and Advanced Persistent Threats Tools

Cyber espionage groups and advanced persistent threats (APTs) use various tools and techniques to infiltrate and compromise target systems. These can include:

Malware: APTs often use malware to infect and compromise target systems. This can include viruses, trojans, worms, ransomware, and other types of malicious software.

Spearphishing: APTs may use spearphishing attacks to trick target individuals into revealing sensitive information or installing malware. Spearphishing attacks are highly targeted and often involve using fake emails or websites that appear legitimate.

Vulnerabilities: APTs may exploit vulnerabilities in software or systems to gain access to a target's systems. This can include known vulnerabilities that have not been patched, as well as zero-day vulnerabilities (vulnerabilities that are unknown to the vendor and have not yet been patched).

Command and control servers: APTs may use command and control servers to remotely control the malware they have deployed on a target's systems and to exfiltrate stolen data.

Custom tools: APTs may use custom tools developed specifically for their operations. These tools may be designed to evade detection or to perform specific tasks, such as stealing specific types of data or taking control of systems.

How to Protect System Form Cyber Espionage Groups and Advanced Persistent Threats?

Here are a few steps that organizations and individuals can take to protect their systems from cyber espionage groups and advanced persistent threats (APTs):

  • Keep software and systems up to date: Make sure to apply the latest security updates and patches for all software and systems. This can help to close known vulnerabilities that could be exploited by APTs.

  • Use antivirus and firewall software: Install and regularly update antivirus and firewall software to help protect against malware and other threats.

  • Use strong, unique passwords: Use strong, unique passwords for all accounts and do not reuse passwords across different accounts.

  • Enable two-factor authentication: Use two-factor authentication, which requires a second form of authentication in addition to a password, whenever possible. This can help to protect against attacks that rely on stolen passwords.

  • Be cautious of emails and links: Be cautious of emails and links, particularly those that come from unknown sources. Do not click on links or download attachments from untrusted sources, as they may contain malware.

  • Educate employees: Educate employees about the risks of cyber attacks and teach them how to recognize and avoid suspicious emails and other threats.

  • Conduct regular security assessments: Conduct regular security assessments to identify vulnerabilities and to ensure that security measures are effective.

Are you worried about cyber espionage?

CyberSecOp managed services help organizations by providing the expertise and resources; we are a specialized cybersecurity provider for organizations that may not have the in-house expertise or resources to manage their cybersecurity effectively.

Some common types of managed services in the context of APTs and cyber espionage may include:

  • Threat intelligence and monitoring: Offer real-time monitoring for APTs and other threats, as well as analysis of threat intelligence data.

  • Vulnerability management: Offer services to help organizations identify and address vulnerabilities in their systems and applications.

  • Security incident response: Offer support to organizations in responding to security incidents, including providing guidance on how to contain and mitigate the effects of an attack.

  • Security testing and assessment: Providers may offer services to help organizations assess the effectiveness of their current security measures and identify areas for improvement.

CyberSecOp use MITRE ATT&CK to help organizations better understand the tactics, techniques, and procedures used by attackers and design more effective defenses against them. We also use it in relation to incident response, allowing organizations to quickly identify what stage of an attack they are dealing with and take appropriate action.

Using MITRE ATT&CK to provide services, it helps your clients improve their cybersecurity posture and defend against cyber attacks. This could involve providing guidance on how to implement controls to mitigate specific attack techniques, conducting assessments to identify vulnerabilities and areas for improvement, or providing incident response support.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Healthcare Cyber Breaches and Statistics

Cyber breaches in the healthcare industry can have serious consequences, as they can compromise the confidentiality, integrity, and availability of sensitive patient information. These breaches can lead to financial loss, damage to reputation, and regulatory fines for the affected organizations. They can also have serious consequences for patients, including identity theft, financial loss, and harm to their physical and mental health.

According to a survey conducted by the Healthcare Information and Management Systems Society (HIMSS) in 2018, only 36% of healthcare organizations reported having a fully implemented cybersecurity program. The survey also found that only 37% of healthcare organizations had a formal incident response plan in place, and only 29% had regularly scheduled cybersecurity training for employees.

There have been several high-profile healthcare cyber breaches in recent years, including the 2017 WannaCry ransomware attack that affected the National Health Service in the UK and the 2018 breach of the health insurance company Anthem, which exposed the personal information of nearly 79 million individuals.

According to the US Department of Health and Human Services (HHS), the healthcare industry has consistently had the highest number of reported data breaches of any sector. In 2020, the HHS received reports of 1,363 breaches affecting a total of over 36 million individuals. The most common types of breaches reported were hacking/IT incidents (43.8%), unauthorized access/disclosure incidents (33.7%), and theft incidents (22.5%).

It is important for healthcare organizations to implement robust cybersecurity measures to protect patient information and prevent cyber breaches. This includes regularly updating and patching systems, training employees on cybersecurity best practices, and implementing strong passwords and access controls.

high-profile cyber breaches in the healthcare

There have been several high-profile cyber breaches in the healthcare industry in recent years. Some examples include:

  • In 2021, the health insurance company Premera Blue Cross announced a data breach that affected over 11 million individuals. The breach occurred in 2014, but was not discovered until 2015. The company discovered that hackers had gained access to its systems and had potentially accessed personal and medical information of its customers.

  • In 2020, the healthcare provider UnityPoint Health suffered a data breach that affected over 1.4 million individuals. The breach occurred when an employee fell victim to a phishing attack, which allowed hackers to gain access to the company's systems and potentially view or steal patient information.

  • In 2019, the healthcare provider Quest Diagnostics announced a data breach that affected nearly 12 million individuals. The breach occurred when an unauthorized third party gained access to the company's systems and potentially accessed patient information.

  • In 2018, the health insurance company Anthem suffered a data breach that affected nearly 79 million individuals. The breach occurred when hackers gained access to the company's systems and potentially accessed the personal and medical information of its customers.

It is important for healthcare organizations to implement robust cybersecurity measures to protect against cyber breaches and prevent the unauthorized access or disclosure of sensitive patient information.

healthcare HIPAA and cyber protection

The Health Insurance Portability and Accountability Act (HIPAA) is a US law that sets standards for protecting certain health information. HIPAA requires covered entities (such as healthcare providers, health plans, and healthcare clearinghouses) and their business associates to implement safeguards to protect the privacy and security of protected health information (PHI).

HIPAA requires covered entities to implement physical, technical, and administrative safeguards to protect PHI. These safeguards include:

  • Physical safeguards: measures to secure the physical environment where PHI is stored, such as locking doors and securing servers.

  • Technical safeguards: measures to protect against unauthorized access to PHI, such as firewalls, encryption, and access controls.

  • Administrative safeguards: policies and procedures to ensure the proper handling of PHI, such as training employees on HIPAA requirements and conducting risk assessments.

HIPAA also requires covered entities to report certain types of breaches of PHI to the Department of Health and Human Services (HHS) and, in some cases, to affected individuals.

It is important for covered entities and their business associates to comply with HIPAA requirements to protect the privacy and security of PHI and prevent cyber breaches. This includes implementing appropriate safeguards and regularly reviewing and updating their HIPAA compliance programs.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

The Majority Of US Defense Contractors Fails To Meet Basic Cybersecurity Standards.

 According to the study, this could have severe consequences for defense contractors, with nearly half losing up to 60% of their revenue if DoD contracts are lost.

"CMMC is a set of commercially reasonable standards to protect data," said CyberSecOp CISO. Organizations must address it as a part of doing business or risk losing the contract. “Nearly nine in ten (90%) of US defense contractors need to meet basic cybersecurity regulatory requirements.

According to the survey, defense contractors still need to implement basic standards. A sampling:

·        35% have security information and event management (SIEM)

·        39% have an endpoint detection response solution (EDR)

·        18% have a vulnerability management solution

·        28% have multi-factor authentication (MFA)

Defense contractors are being targeted by state hackers.

Defense contractors are a popular target for nation-state groups due to the sensitive information they possess about the US military. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory in October 2022 highlighting advanced persistent threat (APT) activity detected on a defense organization's enterprise network.

CyberSecOp CISO is concerned that four out of five defense contractors reported a cyber-related incident, with nearly three out of five reporting business loss due to a cyber-related event.

CyberSecOp is a CMMC-AB REGISTERED PROVIDER ORGANIZATION (RPO)

DOD has made an effort to simplify CMMC, but it is undoubtedly still complicated. CMMC is based on several other standards, including DFARS, 800-171, and ISO 27001. Utilizing all the above information security standards make it very challenging for most DOD contractors to copy with CMMC. Get compliant with CyberSecOp CMMC Assessment, Security Program & Advisory Services.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

What Does Cybersecurity Compliance Mean?

Cybersecurity Compliance involves meeting various controls (usually enacted by a regulatory authority, law, or industry group) to protect the confidentiality, integrity, and availability of data. This is usually driven by a security consultant.

What is a Security Consultant?

A security consultant, also sometimes called a security analyst, pinpoints vulnerabilities in computer systems, networks, and software programs and identifies solutions to defend against hackers. This consultant role is a strong example of a highly specialized IT occupation.

What Does a Cybersecurity Consultant do?

Cybersecurity consultants assess an organization's security operations, computer systems, network, and software for vulnerabilities, then design and implement the best security solutions for the company. If a cyberattack does happen, the client will reach out to a security consulting firm, such as CyberSecOp, to seek expertise to respond and mitigate the damage. Cybersecurity consultants and risk managers can provide your organization with technology controls, policies, procedures and other management controls. 

What does a Risk Manager do?

While cyber security consultants/analysts are geared more towards the technology stack of an organization a Risk Manager takes it a level higher and focuses on the organization risk from a holistic view. A risk manager can help an organization understand how to formulate a documented Risk Management Framework (RMF) in which representation from key stakeholders and leaders take part in continuously assessing, identifying and mitigating risks for the organization. This goes beyond the security tools and into the realm of Policy, Culture, Procedure, Communication and continuous improvement. Risk Managers are skilled at organizational risk and are a key component of not only ensuring compliance, but risk reduction as a whole. It is important to remember that being compliant is not necessarily being secure, and risk mangers can bring that whole package together.

What are Cybersecurity Consulting Services?

Cybersecurity consulting helps organizations mitigate certain risks and prevent identity theft, hacking and data theft. A cybersecurity consultant can also help identify risks that the business may have previously overlooked. Cybersecurity consulting acts as an extension to your in-house security team.

Main Areas of Focus Will Be:

  • Security management, governance and compliance

  • Risk Management

  • Security monitoring

  • Security architecture

  • Incident response

    • Remediation of attacks

    • Attack detection

Cybersecurity Consulting Service Benefits

  1. Cybersecurity consulting acts as an extension to your in-house security team.

  2. The professionals from CyberSecOp security consulting services can identify problems within the organization

  3. Maximize your security investments with cybersecurity services.

  4. Cybersecurity consulting management makes it easier to handle regulatory and compliance requirements.

  5. Cybersecurity services provide you with experts who have the training, experience and qualifications needed to identify and manage risk all the while ensuring your business remains compliant.

CyberSecOp security consulting services help your organization achieve maturity within your security environment. CyberSecOp cybersecurity consulting firm has experience with diverse clients across many industries. A skilled group of security consultants will know the pitfalls and hurdles to avoid in relation to your security transformation or security compliance requirements.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

CEO Letter - Cyber Security Operations Consulting (CyberSecOp)

Vinny La Rocca

Chief Executive Officer

We believe the foundation of our success is grounded in our vision to uplift enterprise security while ensuring confidentiality, integrity, and availability beyond best practices. That purpose is a virtuous circle. We create long-term value by empowering our people to deliver for our customers and communities. CyberSecOp helps organizations with security consulting, incident response and ransomware negotiation, payment, and recovery.  

Our vital role to the community can be found in our mission statement. Our mission is to make the world a better place by defending and protecting our clients and partners from the theft of sensitive data through rapid incident response, cyber security programs, threat hunting, and the deployment of protective measures. 

Sustainability and Growth

Our sustainability is rooted in our vision and mission statement. We believe this is an integral part of our growth and the reason we can keep our promises to our clients and partners.

Growth - Expectations for 2022 are higher than 2021, a year with 85% growth. Cyber risks currently rank as one of the top global threats to businesses and custodians of data, along with an ever-increasing number of data privacy and protection laws. These factors, combined with CyberSecOp’s ability to respond both proactively and reactively, put the company in a very favorable position.

Partnerships - CyberSecOp continues to develop, encourage and align an increasing number of strategic partnerships, allowing our teams to continually improve upon our Service Level Agreements (SLA’s) and expand our portfolio and breadth of services.

Culture - CyberSecOp has built a culture of people passionate about Cybersecurity and Professional Services. Uniting around a common goal brings our team together and ensures everyone is working to assist our clients with Cyber Security and compliance. We are a diverse workforce with an open and collaborative culture. Our goal is to be a leading security consulting company by empowering our employees to provide top-quality services measured against best-in-class industry benchmarks.

Customer Success - Customer satisfaction and success continue to be CyberSecOp’s highest priority, measured by retention and the increase in recurring services. Our success is a direct result of the success of our clients.

Our commitment to our mission, staff, clients and partners will continue to fuel our fast growth, creating long-term value for all stakeholders. 

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Cyber Threats Require New Approach to Design Flaws and Risk  

Now that the year is in full swing, and you’re only left with the distant memories, COVID, and cyber security, what are your business cyber objectives for 2022?

Ours goals are to continue helping businesses:

  1. Improving security for everyone, by doubling the amount or organizations we helped last year (100% our client shows no evidence of a data breach)

  2. Offer competitive pricing, to make security an attainable goal for every organization

  3. Reduce cost and increase security by implementing more automation and artificial intelligence 

Cyber threats are a real threat to all modern businesses, with the evolution of technology in all sectors. Malicious cyberattacks in 2021 forced shutdown of many business operations at an average downtime of a month.  According to multiple reports, the amount of companies who ended paid hackers grew by 300% in 2020, and 200% in 2021. The businesses that were victimized had two options, pay the ransom or go out of business.

Email is the most popular attack vector

Email is still a top attack vector cybercriminal use. A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing.

Top 3 email attacks

  1. Most wire frauds are successful over email communication; the focus trust, in most case the threat actor would be in the middle of a communication between two are more parties. This allows the threat actor to control the conversation, and change wire information.

  2. Threat actor’s setup email rules to keep persistent connections and visibility to gain insight into the organization long after all passwords have been changed.

  3. Threat actors add external emails to distribution groups to keep persistent connect and gain continuous insight into the organization in preparation for their next attack.

Double and Triple Extortion

Cybercriminal groups identified by the FBI responsible for most incidents are known for conducting aggressive “double/triple extortion” ransomware attacks once they have gained access to a network.

In double extortion attacks not only is the victim organization’s data rendered inaccessible until a ransom is paid but the criminals may further monetize the ransomware attack by coupling it with a Distributed Denial of Service (DDoS) attack or selling the stolen data onto other criminal groups.  In some cases, if the organization is not careful, hackers use email, phone, or text to deceive  employees into helping them commit wire fraud.  

Providing security is challenging in any industry, whether you’re talking about agriculture, automobiles, furniture, financial services, or educational. It requires special equipment and knowledge around how things can fail in the field, and a disciplined approach to executing tests that reflect real-world conditions as much as possible.

This is where CyberSecOp can help your organization

We are an independent third-party testing, and compliance readiness firm, operating only within the cybersecurity industry. With our comprehensive suite of services and solutions our team can provide continuous testing, security program development, security tabletop exercise, security awareness training to reduce risk and increase critical testing against sensitive systems, using real-world conditions.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

CyberSecOp Becomes A CMMC Register Provider Organization

CyberSecOp is a leading Cybersecurity Services Provider offering a comprehensive portfolio of Cybersecurity Maturity Model Certification (CMMC) advisory services and cyber security solutions.  

CyberSecOp is an CMMC Registered Provider Organization (RPO) listed on the CMMC-AB Marketplace. Our organization staff have passed the RP Exam, Background Check and signed the RPO agreement, indicating our commitment to comply with the CMMC-AB Code of Professional Conduct. CyberSecOp is also an ISO 27001-certified organization.

 What are CMMC-AB, CMMC, and the Responsibility of the RPO Designation?

 CMMC-AB authorizes RPOs to provide CMMC consulting services in support of government contractors, supply chain/DoD suppliers, and organizations seeking certification within the Defense Industrial Base (DIB).

The CMMC-AB is an independent accreditation body that manages the CMMC on behalf of the DoD. The CMMC framework is a set of mandatory cybersecurity requirements that all contractors within the DoD supply chain will be required to implement and, beginning this year, to have verified by an independent CMMC Third Party Assessment Organization (C3PAO). CMMC was created to address the ongoing theft of and unauthorized access to Controlled Unclassified Information (CUI) by foreign adversaries through the enforcement of good cyber hygiene and best practices. 

It initially launched in June 2020 and formally announced in August 2020 that it was accepting applications for five types of credentialed roles within the CMMC ecosystem. These include the following:

·         C3PAOs

·         Certified Assessors (CAs)

·         Certified Professionals (CPs)

·         Licensed Partner Publishers (LPPs)

·         Registered Practitioners (RPs)

·         Registered Provider Organizations (RPOs)

The CMMC framework establishes five certification levels with a defined security posture or maturity level an organization must achieve, determined by the sensitivity of the information they handle. These are outlined below:

How can CyberSecOp help your organization with CMMC?

CyberSecOp has created a suite of advisory services to help organizations effectively plan and prepare for an official CMMC assessment: CMMC Consulting, CMMC Readiness, Assessments, CMMC-RPO, CMMC Gap Analysis, DFARS, ITAR, VCISO, MSSP, NIST 800 53, and NIST Cybersecurity Framework (CSF), NIST 800-171, Security Services.

 CMMC Scoping Workshop – determine the type of data and the required CMMC maturity level needed. Identify how data is received, stored, shared and handled on all information systems.

CMMC Gap Analysis – identify discrepancies between current state and CMMC maturity levels as determined in the scoping workshop. The CMMC Gap Analysis will provide areas of weakness that need to be targeted to reach the desired maturity level.

 CMMC Remediation Strategy –assist the organization with remediation efforts, including resolving discrepancies identified in the CMMC Gap Analysis and creating a strategic plan for remediation. This process may include security control testing, polices, procedures and plan creation to close all known gaps related to the desired maturity level. 

VCISO (Virtual Chief Information Security Officer) – CyberSecOp provides a board-level security expert backed by a team of professionals to ensure continuous compliance and maintain the maturity level as threats, infrastructure and business objectives evolve. Services include the following.

  •  Compliance Advisory Consulting Services

  • CMMC Readiness

  • Vulnerability and Penetration Testing Assessment

  • Ransomware Response

  • Forensic Analysis

  • 24/7/365 Security Operations Center (SOC)

  • Cyber Security Consulting

  • CMMC Cybersecurity RP, RPO

  • Incident Response & Incident Management

  • Security Assessments

  • Security Awareness

  • Data Loss Prevention 

About CyberSecOp

 Cyber Security Operations Consulting (CyberSecOp) is an innovative cybersecurity firm, providing consultants and managed security services to empower businesses since 2001. Our IT & cybersecurity consulting services protect you from cyber criminals in myriad ways. From implementing individualized Cyber Security Programs, which include written Information Security Programs, Incident Response Policies and Plans, and Cybersecurity Assessments, to offering the best-in-class cybersecurity consulting, tools, and IT security solutions, we do it all.

CyberSecOp is an CMMC-AB RPO & ISO 27001 Certified Organization - join thousands of businesses by putting your security in our hands. For more information about CyberSecOp and CMMC, contact us at 866-973-2677, Sales@CyberSecOp.com or visit: www.CyberSecOp.com.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Holistic Ransomware Security Approach

Do you have a holistic approach for security against ransomware? To prevent events from escalating, consider immediate containment and expert remediation assistance. Ransomware attacks are rampant, and include hackers locking up computer systems and demanding a payment to unlock them. Ransomware has had devastating effects on our infrastructure and economy, impeded emergency responders, stalled tax payments and forced government offices back to pen-and-paper operations for weeks on end.

80% of those who paid their ransom were attacked again, and not even security firms are immune to these attacks.  

What is Ransomware?

Ransomware is a form of malicious software (malware) that is designed to encrypt files on a device, making the files and the systems that rely on them unusable. Malicious actors then demand a ransom payment, usually in the form of cryptocurrency, in exchange for decryption. These malicious actors may also make extortion demands, by threating to release stolen data if a ransom is not paid, or may come back after the fact and demand an additional payment in order to prevent the release of stolen data.

Recent Breach of a Top Security Firm

Accenture, one of the largest security firms around, confirmed in August 2021 that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.

Previously, the cybersecurity firm FireEye had been the first call for help at government agencies and international companies who had been hacked by sophisticated attackers. Yet on Dec 8, 2020, FireEye announced it had been breached, and not just data but also some of its most valuable tools had been stolen. 

Ransomware Impact

The impact of a successful ransomware deployment includes both technical and non-technical challenges, and can be crippling to business operations. Modern-day attackers have developed advanced techniques that now require a holistic security risk mitigation strategy, inclusive from the board to technical practitioners.

The impact of ransomware can include:

·         Temporary, and possibly permanent, loss of your company's data

·         A complete shutdown of your company's operations

·         Financial loss as a result of revenue-generating operations being shut down

·         Financial loss associated with the cost of remediation efforts

·         Permanent damage to your company's reputation

How Can CyberSecOp Help Your Organization?

Holistic Security Risk Mitigation Strategy

A holistic approach to cybersecurity can address the following components and their implications for governance, organizational structures, and processes.  Our holistic security program includes a risk management program, which provides an accurate overview of the risk landscape and governing principles that ensure accurate risk reporting. We address:

  • Assets: Clearly defining critical assets

  • Controls: Differentiated controls to balance security with agility

  • Processes: State-of-the-art and fully tested procedures for optimal security and remediation

  • Organization: Bringing the right skills, most efficient decision making, and effective enterprise-wide cooperation into your organization

  • Governance: Investments in operational resilience, prioritized based on deep transparency into cyber risks including third parties and vendors, covering of the whole value chain

  • Patches: Keeping your network up to date with the latest software patches

  • Software Mitigations: Using robust antivirus and firewall protections in your network

  • Backups: Backing up data securely and separately from your network, and routinely testing restoring from backups

Incident Response Services

Scoping and Investigation

The CyberSecOp Incident Response (IR) Team conducts forensic analysis to identify root causes and ensure rapid containment of ongoing attacks. This swiftness to action helps prevent escalation.

Services and Expert Guidance

CyberSecOp IR Team remediates issues throughout the network and implements updates to configurations, architecture, and tooling.

Advanced Threat Analysis

The CyberSecOp Team conducts in-depth investigations including root cause analysis, malware reverse engineering and comprehensive incident reporting.

How Does Ransomware Infect my Network?

Ransomware, like other forms of malware, seeks to take advantage of poor security practices employed by employees and system administrators. According to the Internet Crime Complaint Center (IC3) the most common methods of infection are:

  • Email Phishing: This social engineering attack vector occurs when a cyber-criminal sends an email which appears to be legitimate, but in fact contains a link to a malicious website or document with a malicious script, which then infects the recipient’s computer and associated network.

  • Remote Desktop Protocol (RDP) Vulnerabilities: RDP is a type of software that allows individuals to control the resources of another computer over the internet. RDP is commonly used by employees working remotely and by system administrators to manage computers from a distance.

  • Software Vulnerabilities: These vulnerabilities are flaws in the code of a piece of software (like Microsoft Word) that can be exploited by threat actors to gain control of a system to deploy malware. A common example would be “macros” that get installed within Microsoft Word or Microsoft Excel that lead to infection.

Best Practices and remedial measures

Users and administrators are advised to take the following preventive measures to protect their computer networks from ransomware infection/ attacks:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.

  • Check regularly for the integrity of the information stored in the databases.

  • Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)

  • Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems

  • Establish a Sender Policy Framework (SPF) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.

  • Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.

  • Application white listing/Strict implementation of Software Restriction Policies (SRP)to block binaries running from %APPDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations.

  • Maintain updated Antivirus software on all systems

  • Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browser

  • Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.

  • Network segmentation and segregation into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.

  • Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.

  • Disable remote Desktop Connections, employ least-privileged accounts. Limit users who can log in using Remote Desktop, set an account lockout policy. Ensure proper RDP logging and configuration.

  • Restrict access using firewalls and allow only to selected remote endpoints, VPN may also be used with dedicated pool for RDP access

  • Use strong authentication protocol, such as Network Level Authentication (NLA) in Windows.

  • Additional Security measures that may be considered are

    • Use RDP Gateways for better management

    • Change the listening port for Remote Desktop

    • Tunnel Remote Desktop connections through IPSec or SSH

    • Two-factor authentication may also be considered for highly critical systems

  • If not required consider disabling, PowerShell / windows script hosting.

  • Restrict users' abilities (permissions) to install and run unwanted software applications.

  • Enable personal firewalls on workstations.

  • Implement strict External Device (USB drive) usage policy.

  • Employ data-at-rest and data-in-transit encryption.

  • Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.

  • Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf

  • Carry out vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.

  • Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies

Our IT & cybersecurity consulting service protects you from cyber criminals in myriad ways. From implementing a cybersecurity program, which include a written information security program and cybersecurity assessment, to purchasing our best-in-class cybersecurity consulting and IT security solutions, engaging with CyberSecOp will lead you in the right direction towards an enhanced security stance. CyberSecOp is an ISO 27001 Certification Organization - join thousands of businesses by putting your security in our hands.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Microsoft Warns of Sneaky Phishing Campaign

Microsoft's Security Intelligence team sounds the alarm on a sneaky phishing email campaign with fake sender addresses. The phishing email also cleverly employs various detection evasion techniques to trick most automated filters and users in its attempt to garner Microsoft Office 365 credentials.


The alert was sent after observing an active campaign that was zoning in on Office 365 organizations with convincing emails.

In a statement by Microsoft, "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."

Microsoft notes that this campaign is sneakier than usual due to the convincing Microsoft logos with the link posing as a 'file share' request to access bogus reports. However, the main phishing URL relies on a Google storage resource that takes the victim to the Google App Engine domain Appspot. This results in hiding a second URL that directs the victim to a compromised SharePoint site, and thus allowing the attack to bypass sandboxes.

Researchers at Microsoft have published details

Researchers at Microsoft have published details regarding the architectures connected to the spoofed emails mimicking SharePoint and other products for credential phishing. "The operator is also known to use legitimate URL infrastructure such as Google, Microsoft, and Digital Ocean to host their phishing pages," Microsoft added.

Accounting to the FBI

According to the FBI's latest figures, phishing attacks have cost Americans more than $4.2 billion last year. Fraudsters employ business email compromise (BEC) attacks, which rely on compromised email accounts or email addresses that are similar to legitimate ones and are difficult to filter as they blend within normal, expected traffic. BEC attacks are far more costly than high-profile ransomware attacks.


Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

CyberSecOp is an ISO 27001 Certified Cyber Security Consulting Firm

CyberSecOp is proud ISO 27001 Certified Organization

ISO+Press+Release.jpg

The team at CyberSecOp is ISO/IEC 27001:2013 (ISO 27001) certified.
International Organization for Standardization (ISO) is an internationally recognized standard that ensures that firms such as CyberSecOp, meet best practices for information security management systems and vigorous risk-based framework approach.

We are committed to following a high-quality and consistent security management system. A-lign, an independent, third-party auditor, found CyberSecOp to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications. Therefore, through ISO 27001, we have developed and implemented processes and procedures in order to provide requirements for establishing, implementing, maintaining, and continually improving an information security management system. The entire certification leads us to the appropriate requirements for an Information Security Management System (ISMS) in our company — a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management processes.

Achieving the ISO 27001 certification is the result of a great amount of effort, dedication, and involvement from every member of the CyberSecOp team. We are constantly challenging ourselves to improve our service and provide the highest security and privacy standards to meet or exceed the needs and expectations of our customers.

Author: Carlos Neto

Information Security Officer

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Using Linux Won't Save You from Ransomware - Here's Why

"Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent." (FBI, 2019)

Picture1.jpg

Since early 2018, there has been a sharp spike in the cleverness, thoroughness, and precision of the security breaches we see in the ransomware landscape. Regardless of attack vector - whether it's from phishing, vishing, or the classic insider threat - once ransomware is on your computer, it's incredibly difficult to restore your files. It takes some serious intervention to stand a chance of recovering your business (or personal) data. 

The easiest solution is to get the appropriate key and decryption tool, and use them together to unlock your files...but typically you only receive those resources in exchange for paying the ransom, and many companies can’t afford the ransom at its original price. By that time, there's a good chance you've taken a catastrophic financial blow.  From hospitals, to insurance companies, to banks, there are plenty of highly valuable (and highly vulnerable) assets to be manipulated, and threat actors don’t hesitate to put lives at stake for the benefit of their wallets.

So how can we prevent these breaches? What is the key to staying safe from attackers?

The answer may be simpler than you think.

The three most impactful measures you can take to stay safe are as follows:

★    Quarantine

○     Take your computer off the network or wifi and reset your data by wiping the device entirely back to its factory settings (the way it came when you bought it) the moment you can confirm there has been a breach.

★    Have a backup

○     You can only take the first measure if you either don’t care at all about your data, or you have bothered to back it up so you have an unencrpted copy.

★    Get help negotiating your ransom down

○     If you need to pay the threat actor the ransom money to recover your data, there are many firms that can help you with this - don’t pay the full price of the ransom! Firms that can help with ransom negotiation and essential protections include CyberSecOp, which you can reach by using Our Contact Form.

So what’s so special about the threat of Linux-based malware? A Linux-based ransomware variant has the potential to take down any and every industry. Major cloud providers like AWS (Amazon Web Services), Oracle, and Microsoft base entire workloads on Linux; malware sweeping through those servers could bring down any company that uses a modernized cloud stack to host their sites and data.

Picture2.png

And then there are hacktivists - hackers who hack to do activism for their cause (which can vary greatly in scope between organizations). Hacktivists have a history of using their ransomware attacks to make a point - whether it’s political or personal - and to incite fear in other companies or individuals who support the cause represented by the victim. While you might not think this presents a threat to you personally, or even to your business, the truth is that innovations in cyberattacks threaten us all. If the target were to have a Linux-based system, the hacktivist group targeting that individual would be devoted to finding a way to spread ransomware across Linux-based devices. When ransomware is evolved by perpetrators to this degree, we are likely to see major outages across all the cloud providers listed above, and it could cripple any business or personal account that is hosted therein.

To avoid such a catastrophic and monolithic problem, we should learn to govern our systems from a more ecosystem-centric approach, rather than depend on the classic signature-based antivirus alerts that have become standard. You may recognize Norton Antivirus alerts or even operating-system-based protection like Windows Defender presenting to you pop-ups about updating your signatures.

The truth is that we shouldn’t rely on the technical drivers of these updates, the people who hunt down and publish these known virus signatures, to keep us safe. We should be educating our employees, friends, and families, on the essentials of how to stay digitally secured and prevent breaches in the modern threat landscape. This concept is especially important as a mere tweak in the code of a virus and a quick recompilation of that code can cause the hash (or signature) of the virus to change, causing these famous signature-based antivirus softwares to completely miss the threat on your device.

A phenomenal example of how dangerous this variant-based workaround can be is what happened to the Colorado State Department of Transportation (CDOT) in early 2018.

“As CDOT’s Information Security group scrambled to contain the spread and impact of SamSam’s first wave, their efforts were quickly undermined by another variant of the same ransomware strain that was spreading throughout many of the newly sanitized zones of their network.”[1] (Richard Horne for the SANS Institute)

In an interview with the Denver Post, Brandi Simmons, a spokeswoman for the state's Office of Information Technology said, “The variant of SamSam ransomware just keeps changing. The tools we have in place didn't work. It's ahead of our tools.” The tools in question were signature-tracking antivirus software, like what many of us use on our home computers. In the end, Colorado's Office of Information Technology, the Colorado National Guard, and the FBI all had to collaborate to contain this threat, and by the time they had, over 2,000 computers running Windows and McAfee security software had been taken offline.

In conclusion, it seems inevitable that we will see Linux systems fall prey to the same types of ransomware we currently battle; it’s only a matter of time. Make sure you’re safe and you know how to protect your data: maintain a backup of all your files, be ready to quarantine in the event of a breach, and remember not to panic. We are here to help.

Sources:

https://www.sans.org/reading-room/whitepapers/tools/strings-me-linux-ransomware-39870

https://www.darkreading.com/attacks-breaches/second-ransomware-round-hits-colorado-dot/d/d-id/1331197

Authored by Alison Stuart

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

What is Cyber Security, IT Security, and Data Security?

What is the need for IT security and CyberSecurity?

Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

IT security is a set of cybersecurity strategies that prevents unauthorized access to organizational assets such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers.

What is Data Security?

Data security means protecting digital data, such as those in a database, from destructive tampering and unauthorized access. Hardware based security or assisted computer security offers an alternative to software-only computer security.

Common examples of:

  • Data encryption
  • Tokenization
  • Key management
  • Data loss prevention
  • Data classification
  • Data accees management

What is the need for network security?

Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware. Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data its designed to protect.

What is Internet security

Internet security involves the protection of information that is sent and received in browsers, as well as network security involving web-based applications. These protections are designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, antimalware, and antispyware.

What is Critical infrastructure security:

Critical infrastructure security consists of the cyber-physical systems that modern societies rely on.

Common examples of critical infrastructure:

  • Electricity grid
  • Water purification
  • Traffic lights
  • Shopping centers
  • Hospitals

What is Application security:

You should choose application security as one of the several must-have security measures adopted to protect your systems. Application security uses software and hardware methods to tackle external threats that can arise in the development stage of an application.

Applications are much more accessible over networks, causing the adoption of security measures during the development phase to be an imperative phase of the project.

Types of application security:

  • Software development
  • Application testing
  • Code review
  • Vunerablity and penetration testing

What is Network security:

Network security ensures that internal networks are secure by protecting the infrastructure and inhibiting access to it.

Common examples of network security implementation:

  • Extra logins
  • New passwords
  • Application security
  • Antivirus programs
  • Antispyware software
  • Encryption
  • Firewalls
  • Monitored internet access

Types of cyber threats:

The threats countered by cyber-security are three-fold:

  1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.

  2. Cyber-attack often involves politically motivated information gathering.

  3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security:

Malware

Malware means malicious software. One of the most common cyber threats, malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks.

There are a number of different types of malware, including:

  • Virus: A self-replicating program that attaches itself to clean file and spreads throughout a computer system, infecting files with malicious code.

  • Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.

  • Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.

  • Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it unless a ransom is paid.

  • Adware: Advertising software which can be used to spread malware.

  • Botnets:Networks of malware infected computers which cybercriminals use to perform tasks online without the user’s permission.

SQL injection

An SQL (structured language query) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a databased via a malicious SQL statement. This gives them access to the sensitive information contained in the database.

Phishing

Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

Man-in-the-middle attack

A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data being passed from the victim’s device and the network.

Denial-of-service attack

A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.

8 Cyber Security Best Practices for Business

  1. Conduct Phishing Simulations
  2. Implement Risk Management Governance Approach
  3. Secure Remotely Working and Travelling Employees
    • Plan for mobile devices
  4. Create a Cybersecurity Awareness Training Program
  5. Monitor User and File Activity
  6. Enforce password best practices
  7. Enforce the Use of Password Managers, SSOs, and MFAs
  8. Audit Privileged Access
  9. Implement Data Loss Prevention
  10. Update Software and Systems
  11. Implement and monitor EDR, MDR, and SIEM
  12. Regularly back up all data, and offsite backup

CyberSecOp cybersecurity solution provide pace of mind when it comes to privacy and security. Ensuring data security in the cloud or onpfremisies , compliant and protected by best-in-class security: your data, and the tools you use to harness it, can truly empower your business.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Pandemic & Post Pandemic Cyber Security Remote Workforce

The current pandemic gives cloud computing a push forward; our clients are taking advantage of CyberSecOp Alliance resilient cloud-based digital infrastructure for businesses of every size to protect their data. We have noticed 58% growth in our Cloud services, securing and protecting data while working remotely is one of the top concerns for most of our clients.

During the crisis, cyberattacks have increased worldwide, including against critical healthcare institutions, which have been the target of ransomware attacks. Private-sector data reveals a 350% surge in phishing websites since the start of the pandemic.

Our security professionals prepare for a new level of untrusted network activity and cyber attacks as remote working is expected to continue. What are the questions you should be asking, and what controls need to be in place?

Pandemic & Post Pandemic Cyber Security

While we are still very much on this transformation journey, we are working on the mindset of our clients to be prepared for quicker response to a crisis like COVID-19, by doing this we will increase business continuity and build-in security for all remote working processes. Removing legacy systems, introducing more automation, better identity and access management for remote systems, secure build for remote devices, extended security services such as Managed Detection and Response (MDR), IPS/IDS, Advanced Endpoint Protection, Application Firewall, DNS Filtering, Automated Virus Containment, and Filer Reputation Detection this will provide an additional layers of security for remote workforce, please see below for other recommendations.

Telecommuting is the only way of working for many

1. Adoption of virtual desktop will finally see an upswing:

With tele-working likely to become the norm, virtual desktops could become the security baseline for IT teams to enforce data management standards. Virtual desktops emulate a computer system so that IT can control access as such adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.

To meet the stringent criteria of regulatory and corporate compliance regarding data security, many companies will see the adoption of virtual desktops as the go-to solution.

2. We will notice surge in adoption of decentralized cyber security:

Traditional cyber security controls dictate a centralized approach where data is consolidated from different sources to perform analysis and investigation. With swift digitization, security controls will shift to data sources, similar to the trend witnessed in IoT. We could start seeing a new wave of anti-virus, data loss protection, digital rights management and endpoint-based firewalls and other security controls gaining traction.

With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralized cyber security will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.

3. Rise in bio metric way of authentication:

User access controls have largely revolved around one or two-factor authentication. These methods rely on “something you know (username)” and “something you have (password)” and given hackers’ interest in employees as the weak link to start a technical exploit, we will see cyber attacks directed towards individuals.

This means identity protection will be of priority and the best defense should focus on building authentication systems which focus on “who you are.” This would require advanced bio metric solutions such as fingerprint/thumbprint/hand print, retina, iris, voice, and facial recognition technologies.

With bio metrics, hackers’ attempt at impersonating you just got a lot harder than trying to break into passwords. 

New processes will govern our way of work

1. Global privacy regulation and policies will require a re-look:

The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes. With remote working concepts taking center stage, re-evaluation of these policies is needed to address the new cyber threats.

From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR, NYDFS, CCPA, SHIELD Act compliance and state privacy laws.

Governance around companies and employees’ social media profiles would also have to be included as these platforms are frequently trolled by hackers as they carry out reconnaissance before launching a cyber attack.

2. Cloud will become more important than ever before:

 The shift to cloud services offers employees, customers, suppliers, and everyone else across the ecosystem a seamless and frictionless access to data and applications. Remote access by various users would compound security challenges and presents many new potential attack vectors.

In the post-pandemic world, IT resources would shift towards data, particularly keeping data secure across cloud platforms.

3. Containerization technology will be extended beyond enterprise network to include endpoints:

IT architectures will extend containerization and zoning concepts to include not just systems, but also people, roles, and the level of sensitive data they possess. Containerization, thus, will be extended beyond enterprise networks to include endpoints such as remote worker machines and mobile devices.

This will facilitate cyber security teams to apply varied access controls and demarcate data storage to minimize risk of cyber intrusion and data breach.

Source: Cybersecurity Ventures

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

What is Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard intended for implementing cybersecurity across DoD contractors.

The CMMC has been in development for a number of years, but the first details on the framework were released in January 2020. The framework makes use of a “maturity” model, in which audits will be conducted by third-party assessors. Firms will be assigned a “level” that represents the cybersecurity protections, or maturity level they have demonstrated.

Breach Report and predicted loss by 2024

A recent study predicted that business losses due to cybercrime will exceed $4.5 trillion by 2024. The threat to the Defense Industrial Base (DIB)--the network of more than 300,000 businesses, organizations, and universities that research, engineer, develop, acquire, design, produce, deliver, sustain, and operate military weapons systems--is especially alarming due to current cyber warfare activities by cybercriminals and state-sponsored actors.

Security is a foundational component of acquisition

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S) recognizes that security is a foundational component of acquisition and that some contractors are trading security to benefit cost, schedule, and performance. It's estimated that the DoD supply chain consists of more than 300,000 businesses and organizations, all of which are targets. Most of these organizations are small to mid-size businesses, which are the most vulnerable to cyber-attacks. Based on over 100 Data Breach Investigation's CyberSecOp recognized that organizations between 100 -300 employees are prime victims for cyber criminals because of lack of security controls.

CMMC Model Structure

The goal of CMMC is to provide a framework for the improvement of cybersecurity in DIB sector organizations. CMMC currently defines 17 domains of technical capability, each with five levels of certification (L1 through L5) and specific practices. The DoD will require an organization to have CMMC Level 3 certification before it can receive Controlled Unclassified Information (CUI) in any domain.

CMMC Domains

CCMC-Compliance.png

CMMC Leveled Practices

The majority of the practices (110 of 171) originate from the safeguarding requirements and security requirements specified in FAR Clause 52.204-21 and DFARS Clause 252.204-7012. The practices fall into five levels:

  • Level 1 represents basic cyber hygiene, and focuses on the protection of federal contract information (FCI). It consists of practices that correspond only to the basic safeguarding requirements specified in 48 CFR 52.204-21 ("Basic Safeguarding of Covered Contractor Information Systems").

  • Level 2 is a transitional step in cybersecurity maturity progression to protect CUI. Level 2 consists of a subset of the security requirements specified in NIST SP 800-171, as well as practices from other standards and references.

  • Level 3 focuses on the protection of CUI. It encompasses all of the security requirements specified in NIST SP 800‑171, as well as additional practices from other standards and references.

  • At Level 4, the model begins to focus more on the proactive activities an organization can take to protect, detect, and respond to threats. These practices enhance the organization's ability to address and adapt to the changing tactics, techniques, and procedures (TTPs) used by advanced persistent threats (APT)s.

  • Level 5 focuses on the protection of CUI from APTs. The practices increase the depth and sophistication of cybersecurity capabilities.

CMMC Cyber Compliance Services

DOD has made the effort to simplify CMMC, but it is surely still complicated. CMMC is based on several other standards, including DFARS, CERT RMM, 800-171, AU ACSC Essential Eight, UK NCSC Cyber Essentials, ISO 27001, CIS Critical Security Controls, and the NIST Cyber Security Framework. Utilizing all the above information security standards make it very challenging for most DOD contractors to copy with CMMC. Get compliant with CyberSecOp CMMC Assessment, Security Program & Advisory Services.

Author: Kaushik Reddy

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

New Remote Attack on Workforce Asks For Consent

A newer type of attack that is gaining momentum on the WFH revolution is Consent Phishing, which seeks the user’s permission as opposed to password.

With today’s widespread use of cloud applications like Webex, Zoom, and Box for increased productivity, the average person has no doubt ran across an application that asks for consent. Attackers have leveraged this familiarity to create malicious applications that request permission for access to sensitive data. Once the user has granted the application access it’s Game Over.

How it works

While each attack method varies, it usually comes down to the following steps:

  1. Threat actor registers a malicious app with an OAuth 2.0 provider, such as Azure Active Directory, AWS, or Google Cloud

  2. The app is configured in an inconspicuous way that makes it seem legitimate

  3. The threat actor gets a link to pop up for the user which may be done through conventional email-based phishing, by compromising a non-malicious website

  4. The victim clicks the link and is shown the familiar-looking consent prompt asking them to allow the application permission to sensitive data

  5. Once the user clicks accept, they have granted the application permissions to access sensitive data

  6. The malicious application receives an authorization code, which it then redeems for an access token, and potentially a refresh token

  7. The access token is used to make API calls on behalf of the user

How to protect against this type of attack

  • Advanced endpoint protection

  • User awareness, if the application consent prompt contains misspelling or grammar errors, those are telltale signs that it may be malicious

  • Configure your organization to only allow applications that are published and verified

  • Configure policies to whitelist only certain apps for use

Author: Carlos Neto

 

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Home Routers Major Weakness in Work from Home Revolution

‘Prepping’ for Work from Home

For the past few years employees and employers alike extolled the virtues of working from home (‘WFH’). We’ve heard the stories of how it leads to a happier and more productive employee, less overhead for the employer, and just more flexibility overall. Most people knew a shift would come eventually – kind of like the shift to IPV6- but it stalled and stalled. Then the pandemic happened and WFH had been thrust upon us with such force that businesses were, and still are, scrambling to get the pieces in place for an effective remote staff.

It is no longer a secret that WFH is here to stay. Many businesses including Fujitsu and Twitter have just gone ahead and implemented WFH ‘forever’. With this change come challenges. One of those is the security of routers in the millions upon millions of homes that now serve as working offices.  According to a study by Germany’s Fraunhofer Institute for Communication, vendors have failed to fix hundreds of vulnerabilities in their consumer-grade routers, leaving hundreds of thousands of users exposed to a wide range of attacks. "Nearly all were found to have security flaws, some of them very severe," the Fraunhofer Institute said in a press release. "The problems range from missing security updates to easily decrypted, hard-coded passwords, and known vulnerabilities that should have been patched long ago."

 Advice on next steps

So what should we do? The first step is to know the make and model of your router. Research it for any known vulnerabilities, as there may be some cases where the device is so insecure that even patching it still leaves it vulnerable. Once you’ve decided if it is worth keeping the device make sure that it automatically installed firmware updates. If not you may need to manually update it. A task that is well worth the effort. Another task is to make sure that the administrator password for the router has been changed from the default admin password. Many routers now have unique default passwords for their routers- but there are still plenty out there that don’t.

WFH Users should use complex passwords on their routers including:

·         Uppercase and Lowercase

·         Numbers and Symbols

·         At least 8 characters long

You should also use the strongest Wi-Fi encryption your router supports. WPA3 (Wi-Fi Protected Access Version 3) is best.

You may have children working, playing, and streaming while you are home. Ensure they use their own devices and do not surf on your work devices.

Router configuration and device hardening are just one of the many layers of security that businesses need to adapt and expand to their remote workforce. We here at CyberSecOp would not be surprised if, sooner rather than later, companies begin purchasing, installing, and administering home routers to ensure a secure endpoint to endpoint networking. Until then remain vigilant and patch patch patch!

Author: Carlos Neto

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Achieve an Effective Security Awareness Program

For any company, especially technology-oriented ones, being aware about the cyberthreat landscape is critical. There is often the mindset that most cyberattacks can be warded off by procuring and implementing the latest security technologies, and relying on consultants and internal resources to police implementation.

While this passive strategy may yield a certain level of effectiveness, it also takes a high level of active, participatory security awareness on part of both employees and management in order to 100% fortify the lines of defense around the business or corporation.

STEPS TO ACHIEVE AN EFFECTIVE SECURITY AWARENESS PROGRAM

1.     The Major Orienting Components – A comprehensive, participatory information security awareness program should have as its three foundational pillars the principles of confidentiality, integrity, and availability.  While the first two terms speak for themselves, the third is often misapprehended.  Here, it refers to the organization maintaining a comprehensive system of controls over information security such that employees can be assured of having access to all information necessary to perform their roles without risk of breach.

2.     The Protection of Corporate Resources - “Corporate resources” does not just refer to digital assets — it also refers to physical assets, such as paper documents. A security awareness checklist should include the proper usage of document-shredding machines and how the shredded documents should be disposed of.

3.     Protection of Corporate Facilities - Employees should be trained not only in how to look for suspicious behavior from the outside, but from the inside as well.  This will ensure against unauthorized personnel gaining access to the premises for purposes of mounting internal attacks against the information infrastructure.

4.     The Formal Security Awareness Training Program – The corporation should maintain a comprehensive security awareness training program and all employees, irrespective of position with the organization and/or function, should regularly participate.

5.     Determining Levels of Responsibility and Segregation of Duties – All employees involved in the day to day management of security over the corporation’s digital and physical information assets should have their roles clearly defined and responsibilities enumerated and documented in a comprehensive ‘R & R’ policy.

CyberSecOp Security Awareness Courses specializes in helping employees understand the mechanisms of spam, phishing, spear-phishing, malware, and social engineering and are able to apply this knowledge in their day-to-day job. Our Security Awareness training solutions effect meaningful, sustainable changes in any workforce. With CyberSecOp Security Awareness Training, employees are not just aware of the dangers presented by an ever-changing threat landscape: they’re empowered to protect your organization from them.

AUTHOR: RICH FIORE

Read More