A newer type of attack that is gaining momentum on the WFH revolution is Consent Phishing, which seeks the user’s permission as opposed to password.

With today’s widespread use of cloud applications like Webex, Zoom, and Box for increased productivity, the average person has no doubt ran across an application that asks for consent. Attackers have leveraged this familiarity to create malicious applications that request permission for access to sensitive data. Once the user has granted the application access it’s Game Over.

How it works

While each attack method varies, it usually comes down to the following steps:

1. Threat actor registers a malicious app with an OAuth 2.0 provider, such as Azure Active Directory, AWS, or Google Cloud

2. The app is configured in an inconspicuous way that makes it seem legitimate

3. The threat actor gets a link to pop up for the user which may be done through conventional email-based phishing, by compromising a non-malicious website

4. The victim clicks the link and is shown the familiar-looking consent prompt asking them to allow the application permission to sensitive data

5. Once the user clicks accept, they have granted the application permissions to access sensitive data

6. The malicious application receives an authorization code, which it then redeems for an access token, and potentially a refresh token

7. The access token is used to make API calls on behalf of the user

How to protect against this type of attack

• Advanced endpoint protection

• User awareness, if the application consent prompt contains misspelling or grammar errors, those are telltale signs that it may be malicious

• Configure your organization to only allow applications that are published and verified

• Configure policies to whitelist only certain apps for use

Author: Carlos Neto

‘Prepping’ for Work from Home

For the past few years employees and employers alike extolled the virtues of working from home (‘WFH’). We’ve heard the stories of how it leads to a happier and more productive employee, less overhead for the employer, and just more flexibility overall. Most people knew a shift would come eventually – kind of like the shift to IPV6- but it stalled and stalled. Then the pandemic happened and WFH had been thrust upon us with such force that businesses were, and still are, scrambling to get the pieces in place for an effective remote staff.

It is no longer a secret that WFH is here to stay. Many businesses including Fujitsu and Twitter have just gone ahead and implemented WFH ‘forever’. With this change come challenges. One of those is the security of routers in the millions upon millions of homes that now serve as working offices.  According to a study by Germany’s Fraunhofer Institute for Communication, vendors have failed to fix hundreds of vulnerabilities in their consumer-grade routers, leaving hundreds of thousands of users exposed to a wide range of attacks. "Nearly all were found to have security flaws, some of them very severe," the Fraunhofer Institute said in a press release. "The problems range from missing security updates to easily decrypted, hard-coded passwords, and known vulnerabilities that should have been patched long ago."

 Advice on next steps

So what should we do? The first step is to know the make and model of your router. Research it for any known vulnerabilities, as there may be some cases where the device is so insecure that even patching it still leaves it vulnerable. Once you’ve decided if it is worth keeping the device make sure that it automatically installed firmware updates. If not you may need to manually update it. A task that is well worth the effort. Another task is to make sure that the administrator password for the router has been changed from the default admin password. Many routers now have unique default passwords for their routers- but there are still plenty out there that don’t.

WFH Users should use complex passwords on their routers including:

·         Uppercase and Lowercase

·         Numbers and Symbols

·         At least 8 characters long

You should also use the strongest Wi-Fi encryption your router supports. WPA3 (Wi-Fi Protected Access Version 3) is best.

You may have children working, playing, and streaming while you are home. Ensure they use their own devices and do not surf on your work devices.

Router configuration and device hardening are just one of the many layers of security that businesses need to adapt and expand to their remote workforce. We here at CyberSecOp would not be surprised if, sooner rather than later, companies begin purchasing, installing, and administering home routers to ensure a secure endpoint to endpoint networking. Until then remain vigilant and patch patch patch!

Author: Carlos Neto

The COVID-19 pandemic has alerted many organizations to gaps in their information security infrastructure heretofore unrealized. Most of these deficiencies have been revealed as a direct outcome of the shift from a workforce-in-place physical environment centered around a fixed and determinable worksite location to a distributed, unstructured environment where most employees and individuals are working remotely.

At CyberSecOp, we can help your organization address these, as well as other concerns related not only to the current operating environment but also pertaining to any and all operating challenges you may face as part of your ongoing operations.

The lack of a centralized workspace raises a multiplicity of information security concerns, including but not limited to the following:

1.      Does the company have an established Work-From-Home (WFH) information security policy, and if not, how is remote worker security managed?

2.      Are employees adequately trained to work remotely, and do they have the appropriate tools at their disposal to ensure the preservation of the security environment?

3.      How does the organization manage mobile device and laptop security, including encryption?

4.      Control and testing of the commercial VPN?

5.      Does the organization maintain a comprehensive data loss protection policy?

6.      How, if at all does the organization address data loss protection?

7.      Does the organization have a breach response plan for mobile and remote WFH employees?

At CyberSecOp, we can help your organization address these, as well as other concerns related not only to the current operating environment but also pertaining to any and all operating challenges you may face as part of your ongoing operations. Our skilled team of information security professionals can provide a comprehensive assessment of your information security framework and suggest remediation and complementary additions to your existing framework, as the case may be.

There are several things to consider if and when the time comes for firms to return to the office. CyberSecOp recommends:

• Third-Party network risk assessment

•   Operational Responses to Security Incidents

• Work from Home Security

• Virtual Meeting Applications

• Updates and Patches

•   A full virus scan on workstations returning to the office

• Full Windows/Mac updates

• Review Wi-Fi connections on returning devices: Some people may come back and still connect to Optimum Wi-Fi (This can be very risky)

• Delete any accounts not for company use

• Provisioning devices employees may have bought in haste (Hardening AV adding to the domain)

• Mobile device management strategy for new mobiles, or devices that employees are using more

• Pandemic Policy, Cybersecurity Policy Wireless policy

It is important for organizations to foresee possible consequences transitioning from working remotely to returning to the office. CyberSecOp can help facilitate this transition.

AUTHOR: Michael Young

For any company, especially technology-oriented ones, being aware about the cyberthreat landscape is critical. There is often the mindset that most cyberattacks can be warded off by procuring and implementing the latest security technologies, and relying on consultants and internal resources to police implementation.

While this passive strategy may yield a certain level of effectiveness, it also takes a high level of active, participatory security awareness on part of both employees and management in order to 100% fortify the lines of defense around the business or corporation.

STEPS TO ACHIEVE AN EFFECTIVE SECURITY AWARENESS PROGRAM

1.     The Major Orienting Components – A comprehensive, participatory information security awareness program should have as its three foundational pillars the principles of confidentiality, integrity, and availability.  While the first two terms speak for themselves, the third is often misapprehended.  Here, it refers to the organization maintaining a comprehensive system of controls over information security such that employees can be assured of having access to all information necessary to perform their roles without risk of breach.

2.     The Protection of Corporate Resources - “Corporate resources” does not just refer to digital assets — it also refers to physical assets, such as paper documents. A security awareness checklist should include the proper usage of document-shredding machines and how the shredded documents should be disposed of.

3.     Protection of Corporate Facilities - Employees should be trained not only in how to look for suspicious behavior from the outside, but from the inside as well.  This will ensure against unauthorized personnel gaining access to the premises for purposes of mounting internal attacks against the information infrastructure.

4.     The Formal Security Awareness Training Program – The corporation should maintain a comprehensive security awareness training program and all employees, irrespective of position with the organization and/or function, should regularly participate.

5.     Determining Levels of Responsibility and Segregation of Duties – All employees involved in the day to day management of security over the corporation’s digital and physical information assets should have their roles clearly defined and responsibilities enumerated and documented in a comprehensive ‘R & R’ policy.

CyberSecOp Security Awareness Courses specializes in helping employees understand the mechanisms of spam, phishing, spear-phishing, malware, and social engineering and are able to apply this knowledge in their day-to-day job. Our Security Awareness training solutions effect meaningful, sustainable changes in any workforce. With CyberSecOp Security Awareness Training, employees are not just aware of the dangers presented by an ever-changing threat landscape: they’re empowered to protect your organization from them.

AUTHOR: RICH FIORE

Comodo and CyberSecOp Announce Strategic Partnership

after Award-Winning MSSP Dropped Leading Competitor

Clifton, NJ – June 30, 2020 – Comodo and CyberSecOp today announced their strategic partnership. CyberSecOp, an award-winning, independent security consulting firm providing a range of information security consulting services, has partnered with Comodo to expand its security services offering for its customers. Comodo displaced a leading competitor.  

 “We focus on the customer experience—delivering what our customers want when they want it. That is our commitment and we take it seriously” said Jeffrey Walker, Chief Information Security Officer at CyberSecOp. “We needed to expand our security operations to fit the growing demand from our customers. Once we saw Comodo's complete SOC as a platform (SOCaaP) offering for MSSP partners and its ingenious auto containment technology, we knew they were the right partner for us. Occasionally, we have a partnership that our firm can't survive without, and we are confident that this is the relationship we are building with Comodo.”

CyberSecOp chose Comodo because it’s the world’s only complete, next-gen SOC-as-a platform offering — which includes people, process, and technology. The patent-pending auto containment technology is the world’s only active breach protection that renders ransomware, malware or cyber-attacks useless.  In addition, the platform saves MSSP partners time and money, without zero capital outlay.

“Our partners and the channel are in our DNA. Comodo is a partner-centric company and our goal is to make sure our MSSP partners and their clients are secure and happy,” said Alan Knepfer, President and Chief Revenue Officer at Comodo. “We are proud that such a respected MSSP has selected us. Our partners expect the best from us, and this allows us both to take our high standards to the next level.”

About CyberSecOp

CyberSecOp cybersecurity consulting services was founded by two information security professionals, and a managed services IT firm. They recognized the need for cyber security consulting services for small and medium-sized companies, and that small and medium businesses need to be secured with an information cyber security program. We provide Managed Security Services, Cyber Security Consulting, Security Consulting VISO Services, and Security Staffing. 

Mission: To redefine customer business equity with best-of-breed transformation, technology, and talent.

Vision: Empower our customers to focus on core business competence through innovative and competitive IT and secure business process outsourcing.

About Comodo Security Solutions, Inc.

Comodo delivers next generation cybersecurity solutions to protect businesses, schools, and government organizations in today’s risk-filled business environment. Headquartered in Clifton NJ, Comodo’s global development team and threat intelligence laboratories deliver innovative, category-leading, solutions for a company’s endpoints, network boundary, and internal network security.

Thousands of companies and organizations rely on Comodo’s technology to authenticate, validate, and secure their most precious asset—information—and to combat constant cyberattacks and threats like ransomware from wreaking havoc on a global scale.

www.comodo.com
sales@comodo.com
+1 888 551 1531

Ransomware is a type of malicious software that is designed to block access to a computer system or its data until a sum of money is paid. Ransomware attacks typically involve encrypting the victim's data and demanding a ransom from the victim to restore access to the data upon payment. Ransomware attacks can be extremely disruptive and costly for individuals and organizations, as they may result in the loss of important data and interruption of business operations.

There are several ways that ransomware can be delivered, including through email attachments, malicious websites, and vulnerable software. It is important to protect yourself and your organization from ransomware by regularly updating your software and operating systems, using strong passwords and two-factor authentication, and being cautious when opening emails or downloading attachments from unknown sources. If you do fall victim to a ransomware attack, it is important not to pay the ransom and to seek out professional help to restore your system and data.

Ransomware attacks can have significant impacts on businesses.

Ransomware attacks can have significant impacts on businesses, including financial losses, reputational damage, and disruption of operations. According to a 2021 report by the cybersecurity firm Emsisoft, the average ransom demand for a ransomware attack on a business in 2021 was $233,817, with the highest ransom demand being $50 million. The report also found that the number of ransomware attacks on businesses increased by 89% in 2021 compared to the previous year.

In addition to the direct financial costs of ransomware attacks, businesses may also incur indirect costs such as loss of productivity, damage to customer relationships, and legal fees. Ransomware attacks can also lead to reputational damage, as customers and stakeholders may lose trust in the affected business if their data is compromised or if the business is unable to provide its products or services due to the attack.

It is important for businesses to implement strong cybersecurity measures to protect themselves from ransomware attacks, as the costs of such attacks can be significant. This may include regularly updating software and operating systems, using strong passwords and two-factor authentication, and implementing backup and recovery systems to minimize the impact of a successful attack.

ransomware prevention technology

There are several technologies that can be used to prevent ransomware attacks and protect against the damage they can cause. Some of these technologies include:

1. Antivirus software: Antivirus software can identify and block ransomware before it is able to infect a system.

2. Firewalls: Firewalls can block incoming connections from known malicious sources, including those used to deliver ransomware.

3. Email filtering: Email filters can block or quarantine email messages that contain malicious attachments or links, which can prevent ransomware from being delivered through email.

4. Web filtering: Web filters can block access to malicious websites, which can prevent ransomware from being downloaded from these sites.

5. Network segmentation: Network segmentation can help to isolate different parts of a network from one another, which can limit the spread of ransomware within an organization.

6. Backup and recovery systems: Regularly backing up data and implementing recovery systems can help businesses to minimize the impact of a ransomware attack by allowing them to restore their systems and data from a known good state.

It is important to note that no single technology can provide complete protection against ransomware attacks. It is recommended to use a combination of technologies and to regularly update and maintain them to ensure the best possible protection against ransomware.

The first time I heard the term ‘Dark Web’ was in the context of a case of misappropriated identity.  A close relative of mine had begun receiving all sorts of communications from credit card companies and debt collectors concerning delinquencies that they were completely unfamiliar with.  One even included an attempt at collecting back premises rent for an apartment in Dallas, Texas where my relative had never visited in their life.  After spending months fighting off financial claims and trying to repair their credit history, my relative contracted a computer security professional to perform a forensic investigation of their home PCs.  It was ultimately discovered that some or all of the data breach enabling the identity theft had been the outcome of a fairly sophisticated spear-phishing attack combined with the installation of a key logger agent.  The forensics also revealed that much of their Personal Identifying Information had migrated to the Dark Web and was presently freely available to whomever-or whichever entity-might be interested.

Dark Web and how it functions

Dark Web, I thought.  Huh.  I’ve heard of the Dark Web but don’t know much about what it is or more specifically, how it functioned.  Heretofore I’d (wrongly) believed it was composed of a bunch of gamers sharing logins to cloud gaming services along with the ever-present and always thriving market for pornography.  My investigatory efforts yielded that the Dark Web is so, so much more, however; and I thought it was important to share my findings to clear up any popular misconceptions of which there is legion.  Therefore, I’ve decided to put together a brief post that provides the nuts and bolts of what’s become an increasingly important cog in the global economy for ill-gotten bits and pieces of data and information.  It turns out, the Dark Web wasn’t nearly as elemental as I’d initially suspected.

The Dark Web is a collection of thousands of websites that use anonymity tools to hide their IP addresses. While it's most famously been used for black market drug sales and even child pornography, the Dark Web also enables anonymous whistleblowing and protects users from surveillance and censorship.  Readers will recall that the Dark Web played an intermediary role in WikiLeaks dissemination of certain confidential U.S. Department of Defense documents related to the conflicts in Iraq and Afghanistan.

Who created the Dark Web and how can it be assessed?

The majority of Dark Web sites use the anonymity software Tor with was created by the U.S. Department of Defense, though a smaller number also uses a similar tool called I2P. Both of those systems encrypt web traffic in layers and bounce it through randomly-chosen computers around the world, each of which removes a single layer of encryption before passing the data on to its next hop in the network. In theory, that prevents any spy—even one who controls one of those computers in the encrypted chain—from matching the traffic’s origin with its destination.  In layman’s terms-traffic on the Dark Web is untraceable.

Though the Dark Web is most commonly associated with the sale of drugs, weapons, counterfeit documents, and child pornography, not everything on the Dark Web is quite so “dark.” One of the first high profile Dark Web sites was the Tor hidden service WikiLeaks created to accept leaks from anonymous sources.  Even Facebook has launched a Dark Web site aimed at better catering to users who visit the site using Tor to evade surveillance and censorship. The Dark Web is also a vehicle for hackers to buy and sell personal information such as names, addresses, social security numbers, credit card information, etc. The more information they obtain from the unsuspecting victim, the higher the price.

Can Dark Web provide privacy

Just how completely Dark Web users can evade the surveillance of highly-resourced law enforcement and intelligence agencies, however, remains an open question. The FBI and EUROPOL have both launched successful Dark Web investigations aimed at stopping human trafficking, identity theft, and drug smuggling, and in most cases, the agencies were able to identify the threat actor by setting up relays and scripts on websites they frequently visit.  It's also possible that the agencies employed sophisticated DNS attacks on TOR servers or used other exploits; then again, it’s also possible they were able to rely on good old Human Intelligence-informants.  Everyone seems to have a price. 

So in summary, we know that the Dark Web exists, it’s a marketplace for all sorts of data and information exchange, not all of it legal or voluntarily disclosed.  The best way to ensure you don’t wind up on the wrong side of information exchange?  Secure your information systems, be very, very judicious in responding to emails and if you have any questions or concerns, contact a licensed information technology security professional.  The stakes are high, and only getting higher.

Author: Rich Fiore

Moving to the cloud: A Study in Security, Efficiency & Reduced Organizational Risk Posture

A recent Gartner study indicates that cyber crimes are at an all-time high, up 30% year over year. This is and should be of tremendous concern to C-suite executives and boards of directors.

The root cause of cybercrimes varies; however, most organizations will experience vulnerabilities arising from technological gaps due to neglected software patching initiatives, outdated firmware, continued use of hardware beyond manufacturer ‘end of life’ standards, limited resources, limited budgets, multiple new compliances, and of course externalities such as the recent global pandemic.

In efforts to protect against threat actors while simultaneously acknowledging their companies’ limitations, more and more C-suite information security executives are proposing complete moves to cloud-based computing environments along with the ‘shared resource’ model characteristic thereof.  This will help ensure information security integrity, reduce or eliminate the threat of bad actors wreaking havoc on the company’s information systems and will allow the organization to achieve its goals with some element of cost-efficiency. To ensure these systems are implemented in the most efficient manner possible, many concerns will turn to Managed Security Services Providers (MSSPs).

1.       Lack of resources create an unintended risk appetite

Some specific security challenges organizations face in today’s operating environment, based on experience include: A lack of resources creates an unintended risk appetite leads to organizational dysfunction and job loss. Organizations need to provide their CISO with their own budget, independent of IT, and the CISO needs to report at the same level as the CIO with a direct line to the Board of Directors and should feel comfortable addressing any vulnerabilities that may arise, notwithstanding resource requirements to address them. Recently, we were tasked with performing a security assessment and reporting our results directly to the client’s Chief Information Officer. The Chief Information Officer, in turn, requested that we provide our findings simultaneously, at a joint meeting of the Board of Directors. The Chief Information Security Officer had previously briefed the board on the organization’s information security posture and had suggested that risk levels were at a minimum and that there were no vulnerabilities or deficiencies that could pose mission-critical faults; in this, the CISO had sought to ‘paper over’ problems that had not been budgeted for and instead treated with an ‘it’s your job, you fix it’ mentality, creating a lose-lose proposition. Our findings and report directly contravened what the Board had previously been told, and this led to the firm initiating a comprehensive systems audit which resulted in the dismissal of multiple information technology executives.

2.       Cloud Security Competency, Efficiency, and Cost-Effectiveness. As the cloud computing environment becomes mainstream, organizations will realize the competitive benefit of having so many competitors offering similar services. This allows organizations to seek out the best technology and team while adhering to internal resource limits.

3.       Application and Network Monitoring

This service is critical for identifying potential risks and attacks from internal and external threats and one of the single largest information security infrastructure areas of investment for companies today. CyberSecOp has seen a volumetric increase in requests for our Security Information and Event Management (SIEM), Managed Detection and Response (MDR), Data Loss Prevention (DLP), Security Operations Center (SOC) and Cloud Access Security Brokers (CASB) services over the last year, which dovetails with broader global market trends. With ransomware and data security breaches at an all-time high, organizations are looking to managed IT security and managed compliance services providers to bridge the resource gap.

4.       Data Security Governance Framework

Organizations are utilizing the cloud to aid with compliance, reducing the upfront cost of buying all the necessary security solutions and related resources needed to get them configured and managed; indeed, the focus has switched to using cloud and shared resources provided by managed IT and managed security providers.

5.       Enterprise Security Partners

Bringing on an Enterprise Partner enables companies to focus on those factors that promote business growth as opposed to focusing on back-end solutions and internal control structures.  In turn, the Enterprise Partner (MSSP) is often able to provide its services at a substantially more cost-efficient and competency structure than if the company had attempted to replicate those services internally; examples of specific areas of favorability are hiring and staffing the function, keeping up with and implementing vulnerability management, leaner staffing levels, and overall cost efficiencies.  

6.       Authentication 

Over the past year, we have seen a 70% increase in the adoption of multifactor authentication technologies, including but not limited to ‘password-lite’ cloud-based solutions capable of biometric authentication, geolocation fence authentication, anomaly detection, end-user based risk scoring, and evaluation. Partnering with an Enterprise Security Partner can ensure such technologies are rolled out across all organization information technology platforms in a coordinated and effective manner, with a minimum risk of non-adoption and systemic conflicts.

CyberSecOp provides proven Risk Management and Digital Transformation: As one of the most called on firms for security breach response services per Google Analytics, we have assisted with over 550 incident responses spanning 2019 and 2020. CyberSecOp helps organizations assess their cloud or on-premise environments and implement a security program that provides the safeguards needed in the cloud or on-premises. We also offer incident response and forensics teams to assist with containment, remediation, recovery from ransomware attacks, and other security breaches.

FBI, DHS CISA Publish Top Ten Cybersecurity ‘Hit List’ for State-Based and Non-State Based threat actors

Recently, two prominent US cybersecurity agencies disclosed, according to their internal metrics, the 10 most commonly exploited software vulnerabilities. The relevant time interval was 2016 through 2019, inclusive, as well as separate guidance listed for 2020.

The report, authored by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI), urges organizations in the public and private sector to apply all software patches and updates in order to prevent the most common forms of attacks encountered today.

This includes, but is not limited to, attacks carried out by state-sponsored, non-state, and unattributed threat actors.

US government officials have argued that applying patches could degrade the cyber arsenal of foreign actors targeting US entities, as they'd have to invest resources into developing new exploits, rather than relying on old and tested bugs.

"Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available," US officials said.

"A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries' operational tradecraft and force them to develop or acquire exploits that are costly and less widely effective."

A summary of the FBI and CISA’s ‘Top 10 Vulnerabilities from 2016 through 2019’

1. OLE - According to U.S. Government technical analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are related to Microsoft’s OLE technology.

2. Apache Struts - After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts.

3. Windows Common Controls - As of December 2019, Chinese state cyber actors were frequently exploiting the same Windows OS vulnerability, an exploit in the Windows Common Controls that could allow for remote code execution.

4. Unpatched Devices - Deploying patches often requires IT security professionals to balance the need to mitigate vulnerabilities with the need for keeping systems running and ensuring installed patches are compatible with other software. This can require a significant investment of effort, particularly when mitigating multiple flaws at the same time. The FBI and CISA noted that this is a vulnerability as many organizations focus on their IT infrastructure as an area for cost-saving measure.

5. Microsoft and Adobe Flash products - A U.S. industry study released in early 2019 similarly discovered that the flaws malicious cyber actors exploited the most consistently were in Microsoft and Adobe Flash products, probably because of the widespread use of these technologies.

A summary of the FBI and CISA’s top vulnerabilities from 2020

• Bugs detected in Citrix VPN appliances, specifically the Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0; allows for directory traversal.

• Bugs detected in Pulse Secure VPN servers; specifically, In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URL to perform an arbitrary file reading.

With the inception of the COVID-19 pandemic, malicious actors are increasingly targeting small hospitals and health centers with ransomware attacks. This is likely because these organizations are more likely to pay the ransom to recover data, as they weigh the perceived cost/benefit to strengthening their IT infrastructure security, or moving part or all of their IT operations to cloud-based solutions.

Cybercriminals tend to specifically target direct patient care facilities such as hospitals, healthcare centers, medical practices and health and wellness centers; although their efforts are certainly not confined to the above-referenced provider classes. The average ransomware demand is in the neighborhood of $60,000; however, simply paying the ransom in no way guarantees that the attacker will remit the decryption key; in fact, quite the opposite may occur; paying a ransom may encourage the attacker to maintain the leverage they enjoy over the target. 

The ultimate consequences of ransomware attacks can and often are quite severe, ranging from continued involuntary exploitation of the attacker/victim relationship, to business closure. In some cases, class action lawsuits (dependent on the attack vector and information yield).

As more organizations move employees to work from home, remote staff make it increasingly difficult for IT teams to police computer systems and prevent cyber-attacks. Attackers now have far more access points and endpoints to probe or exploit, with little to no security oversight.

Here at CyberSecOp, we have formulated several countermeasures that healthcare employers should employ to minimize the risk of their networks being penetrated and secure their sensitive information.

Add data storage: After backing up data, the next step is to store data offline, on a different network, or a cloud-based environment.

Maintain a strong information encryption policy: Healthcare data must be encrypted at rest and transit with the highest standards available so that even if cybercriminals acquired it, they would not be able to read it.

Formulate and maintain an Incident Response Plan: Develop and test an incident response plan to help mitigate the impact of certain destructive malware attacks.

Track all data: Security personnel should closely monitor the company’s digital assets within the organization. This is of particular importance now as healthcare facilities’ attack surface expands and becomes more complex with some staff working remotely. 

Establish and maintain firewalls: To harden networks and connected equipment, healthcare facilities with devices running open services should place them behind the latest application firewalls. They should also implement proper change management and firewall reviews to ensure proper documentation and optimization of these devices.

Follow the trends: Be aware of current ransomware threats, attack trends, and make sure those trends are socialized and communicated throughout the organization. Awareness is key.

1. Avoid Creating Easy or Common Passwords

Password123 is a big no-no. Hackers have become bolder and have been using password deciphering tools to infiltrate vulnerable accounts. Multi-factor authentication (discussed later in this list) will most likely prevent them from going further, but it is always recommended to create a password with a mix of symbols, numbers, capital letters, and a lengthy number of characters to make it harder to crack. Also, the more frequently you change a password, the better. We also recommend using different passwords for different accounts. If the same password is used for multiple accounts, it becomes easier for hackers to infiltrate multiple accounts.

2 Connect Only to Protected Private WiFi Networks or (VPN) Virtual Private Networks

Always use private, password-protected WiFi networks to connect remotely. Security experts consider signing in to sensitive office networks with public WiFi or unsecured network connections akin to “swimming in shark-infested waters”—it’s only a matter of time before you get bit. Experts recommend consulting a trusted IT provider about setting up a VPN that can minimize the risk to devices and data.

3. Unusual Phrasings in subject lines/body, misspellings, poor-quality images or bad grammar

Although corona-virus-related phishing schemes are currently at an all-time high, the good news is that they aren’t much different from past attempts. Paying extra attention to message details—capitalization, punctuation, paragraph structure, sloppy design/formatting, or any language that seems out of the norm, makes detecting fake ones easier.

4. Don’t download unfamiliar attachments or click on unfamiliar links

In the age of remote work, collaborative OneDrive, Google Docs, or general Cloud sharing is a common way to redirect others to a malicious website. If you aren’t expecting a specific file from a specific sender, don’t open any attachments in an unknown message. This applies to links as well. To check if a link is safe, hover your mouse over the link to confirm the target URL matches what’s written (on a desktop or laptop). For extra precaution, type out the website to avoid being unknowingly redirected.

5. Activate multi-factor authentication (MFA) on every account you can

Many phishing schemes try to get you to re-enter your password for common apps or social media accounts—all in hopes that hackers can steal your password. Using multi-factor authentication can mitigate this since MFA requires something you know (your password) with something you have (a unique code delivered via text message or email).

6. Confirm the sender's email address

It’s easy for a hacker to mimic someone’s display or contact name—always double-check to confirm what shows up with the actual email address the message was sent from to make sure the sender is who he or she is claiming to be.

7. Do not respond to email correspondence from any financial institution

This goes for any communications via email or phone. You will not be prompted to sign in to your account or receive a call from your financial institution asking for your PIN or other personal information. In fact, most updates are sent with a 'do-not reply' email handle. Most official communications from financial firms are usually sent via snail mail. To ensure you are in contact with an actual representative of the firm, call the number on the back of your card or the phone number provided on your financial statements.

We hope you find these tips helpful.

Safe remote working and browsing!

- The CyberSecOp Team

With the unprecedented events of the past few months and no end in sight to the COVID-19 pandemic, hackers are leveraging the related chaos as a means of targeting, hi-jacking, infiltrating, and generally creating havoc among major industries around the globe.

The suddenness of the global governmental response combined with the rapid shift to remote work solutions has created a haphazard environment for many businesses that simply do not have the time to implement due diligence and information security controls. Unfortunately, the smart bad guys are taking advantage.

In California’s’ Bay Area, two school districts have become recent victims of breaches that exploited the unexpected thrust to online learning. Video conferencing sessions were hacked and infiltrated by uninvited guests; hundreds of online learning passwords were inadvertently exposed to public consumption. School administrators were left scrambling and ultimately had to ban all usage of video conferencing until proper security measures were implemented.

Hospitals and medical facilities are reeling from the virus spread, and hackers are paying no solace to this industry as they hammer away with targeted phishing campaigns and other website-based attacks. The World Health Organization (WHO) has reported several unsuccessful attacks against their network, with one geared around impersonating the WHO email system. Hammersmith Medicines Research (HMR) a UK based research team tasked with creating a Covid19 vaccine, unfortunately, did fall victim to a cyber-attack, as malicious actors were able to access and then post medical data from thousands of patients.

Education and healthcare are not the only sectors being infiltrated. Financial firms are being hit with targeted phishing attacks called whale or spear-phishing - Using Covid19 as the backdrop. Attackers are creating very specific, sophisticated emails that create a sense of urgency and ultimately increase the odds of the recipient becoming a victim.

It is an important time to ensure that your business leaders are setting an example by exhibiting best practice security behaviors that will ultimately set the tone and trickle down the entire organization. Top management commitment, effective strong policies that are communicated to the entire organization, and a measurable security awareness along with a sound risk management framework; are just some of the layers in security that will decrease the attack surface of any business.

CyberSecOp offers a full suite of cyber-security solutions that include:

• Full Security Assessments

• Gap Analysis

• Policy Creation

• Security Awareness Training and Measurement

• 24/7 Security Operations Center (SOC)

• Ransomware Response

• Penetration Testing

• Vulnerability Scanning and Management

• Forensics

• VISO (Virtual Information Security Officer)

Teleworking during the Coronavirus outbreak? While working from home can help slow the spread of the virus, it brings new challenges: juggling work while kids are home from school; learning new software and conferencing programs; and managing paper files at home. As you’re getting your work-at-home systems set up, here are some tips for protecting your devices and personal information.

The internet has become a space riddled with malicious links of trojans, and viruses. Data breaches are becoming more frequent, and unsuspecting users are more vulnerable than ever before. 

1. Start with cybersecurity basics. Keep your security software up to date. Use passwords on all your devices and apps. Make sure the passwords are long, strong and unique: at least 12 characters that are a mix of numbers, symbols and capital and lowercase letters.

2. Connect Only to Protected Private WiFi Networks or (VPN) Virtual Private Networks

Always use private, password-protected WiFi networks to work from home. Security experts consider signing in to sensitive office networks with public WiFi or unsecured network connections akin to “swimming in shark-infested waters”—it’s only a matter of time before you get bit. Experts recommend consulting a trusted IT provider about setting up a VPN that can minimize the risk to devices and data.

3. Dispose of sensitive data securely. Don’t just throw it in the trash or recycling bin. Shred it. Paperwork you no longer need can be treasure to identity thieves if it includes personal information about customers or employees.

4. Unusual phrasings in subject lines/body, misspellings, or bad grammar

Although corona-virus-related phishing schemes are currently at an all-time high, the good news is that they aren’t much different from past attempts. Paying extra attention to message details—capitalization, punctuation, paragraph structure, sloppy design/formatting, or any language that seems out of the norm, makes detecting fake ones easier.

5. Don’t download unfamiliar attachments or click on unfamiliar links

In the age of remote work, collaborative OneDrive, Google Docs, or general Cloud sharing is a common way to redirect others to a malicious website. If you aren’t expecting a specific file from a specific sender, don’t open any attachments in an unknown message. This applies to links as well. To check if a link is safe, hover your mouse over the link to confirm the target URL matches what’s written (on a desktop or laptop). For extra precaution, type out the website to avoid being unknowingly redirected.

6. Activate multi-factor authentication (MFA) on every account you can

Many phishing schemes try to get you to re-enter your password for common apps or social media accounts—all in hopes that hackers can steal your password. Using multi-factor authentication can mitigate this since MFA requires something you know (your password) with something you have (a unique code delivered via text message or email).

7. Confirm the sender's email address

It’s easy for a hacker to mimic someone’s display or contact name—always double check to confirm what shows up with the actual email address the message was sent from to make sure the sender is who he or she is claiming to be.

8. Do not respond to email correspondence from any financial institution

This goes for any communications via email or phone. You will not be prompted to sign into your account or receive a call from your financial institution asking for your PIN or other personal information. In fact, most updates are sent with a 'do-not reply' email handle. Most official communications from financial firms are usually sent via snail mail. To ensure you are in contact with an actual representative of the firm, call the number on the back of your card or the phone number provided on your financial statements.

9. Follow your employer’s security practices. Your home is now an extension of your office. So, follow the protocols that your employer has implemented.

With the recent developments in COVID-19, many organizations are transitioning to a work-from-home model, but with no fool-proof way of tracking employees' work, they may experience a loss in productivity. Additional concerns related to data movement have put privacy and security at risk since most home users' networks are not secure. That's what CyberSecOp specializes in - employee tracking in distributed environments. 

• User Activity Monitoring to prevent insider threats

• User Behavioral Analytics monitors productivity and use results for process optimization with the ultimate goal to increase productivity and reduce or eliminate insider threats

• CyberSecOp's DLP is effective in protecting against data breaches, data leaks, and IP theft

 
You can have an effective remote workforce and still be in control with the ability to see user activity, live screen monitoring to automated alerts/scheduling, and more. See CyberSecOp.com for a trial.
CyberSecOp caters to small businesses, enterprises, government organizations, and everything in between. We provide cloud and on-premise deployments available at your request.

A data breach is the unauthorized access, use, disclosure, or theft of sensitive, confidential, or personal information. Data breaches can occur when cybercriminals gain access to a system or database and steal or expose the information stored there. They can also occur when information is accidentally or improperly disclosed by an individual or organization.

Data breaches can have serious consequences, including financial losses, reputational damage, and legal liabilities. They can also have serious impacts on individuals whose information is compromised, including identity theft and other forms of fraud.

There are several ways that data breaches can occur, including through cyber attacks, such as hacking and ransomware, and through physical means, such as the loss or theft of a device containing sensitive information. To prevent data breaches, it is important for individuals and organizations to implement strong security measures, such as using strong passwords, regularly updating software and operating systems, and implementing controls to prevent unauthorized access to sensitive information.

data breach laws

There are various laws that protect against data breaches and provide consequences for individuals and organizations that fail to protect sensitive information. These laws vary by jurisdiction, but some common examples include:

1. The General Data Protection Regulation (GDPR) is a data protection law that applies to organizations in the European Union (EU) and European Economic Area (EEA). It requires organizations to protect personal data and to report certain types of data breaches to authorities and individuals affected by the breach.

2. The Health Insurance Portability and Accountability Act (HIPAA) is a law that applies to the healthcare industry in the United States. It requires organizations that handle protected health information (PHI) to implement safeguards to protect the privacy and security of PHI.

3. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that apply to organizations that handle payment card information. It requires organizations to implement measures to protect against data breaches and to report certain types of data breaches to authorities and card issuers.

In addition to these laws, many countries have their own data protection laws that apply to the collection, use, and storage of personal information. It is important for organizations to be aware of and comply with these laws to protect against data breaches and the potential consequences of such breaches.

Prevent Data Breach

There are several steps that individuals and organizations can take to prevent data breaches and protect sensitive information:

1. Use strong, unique passwords: Use strong, unique passwords for all accounts and devices, and regularly update them. Avoid using the same password for multiple accounts.

2. Enable two-factor authentication: Enable two-factor authentication, which requires the use of a second form of authentication in addition to a password, for all accounts and devices.

3. Keep software and operating systems up to date: Regularly update software and operating systems to ensure that the latest security patches are installed.

4. Use a firewall: Use a firewall to block incoming connections from known malicious sources.

5. Use antivirus software: Use antivirus software to identify and block malware, including ransomware.

6. Implement access controls: Implement controls to prevent unauthorized access to sensitive information, such as by requiring users to authenticate before accessing certain data or systems.

7. Regularly back up data: Regularly back up data and store it in a secure location to minimize the impact of a data breach.

8. Train employees: Train employees on the importance of data security and best practices for protecting sensitive information.

By implementing these measures, individuals and organizations can significantly reduce their risk of suffering a data breach and the potential consequences of such a breach.

Why CISOs and Boards Should Work Together to Improve Cybersecurity

Corporate board members often ask management specific questions that stop short of demanding metrics, It is this lack of measurable criteria which often hinder the effectiveness of cyber-security efforts.

First and foremost, it is imperative for the board to appreciate the impact that information security can have on the business. Boards should treat security as a top business risk as well as a top business opportunity. Major security events can have a significant impact on revenue, brand, and can lead to catastrophic results.

Board oversight of cyber-security has increased over the years. Even board members without technical expertise have had to become rapidly acquainted with IT risk and security concepts. In recent years, frameworks and best practices have emerged to help boards get a grip on their organizations’ cyber-security posture.

Specific Areas of Focus:

• Improved emergency response times and evacuation management with real-time tracking of personnel movements around your site.

• Information related to how the organization manages cyber-security, security awareness, and the enterprise risk management (ERM) program.

• Actively monitor workers within a zone, on local or remote sites.

• Ensure blast zones have been cleared before explosives are detonated.

• Monitor the movement of people to a muster area during an evacuation.

• Ensure the security control room is aware of workers who are alone on remote sites.

• Monitor personnel who remain within a high security area at the end of a working day or shift.

Breach Response Protocol

Corporate boards should receive regular reports from executives about the company’s cyber-security risks, management review processes, overall health, and readiness to respond to an incident. Best practices include quarterly reports from firm leaders and more frequent reporting if needed.

Company leaders should carry out incident response plan tabletop exercises annually at a minimum. Board members should expect reports on the test outcomes. Details about how the plan will be updated are based on the test results.

Third-Party Risk

Regulators are increasingly targeting third-party risk. Wide-reaching laws like GDPR, industry-specific regulations such as the New York Department of Financial Services (NYDFS) Cyber-security Regulation and NERC CIP-013 in the utilities industry, provide specific requirements for managing third-party risk.

User-Related Risk

Human error can expose an organization to a wide array of cyber-attacks.. Business leaders commonly state that employee negligence is the most common cause of data breaches. Phishing for example, was implicated in 32% of data breaches in 2018. In addition, poor password practices, connecting to public Wi-Fi from company devices, and sharing files that contain malware are all examples of employee errors that could translate into huge costs for any organization.

In terms of board qualifications, 41% of companies reported highlighting cybersecurity expertise as an area of focus for new board directors. But when it came to interactions with management, only 34% of organizations mentioned the frequency of board reports, with just 11% reporting briefing the board annually or quarterly.

Recommendations for Boards of Directors

Questions to ask:

• Has responsibility for cyber-security been formally assigned at management level (e.g., CISO) and on the board itself (e.g., audit committee)?

• Is the board getting regular briefings on the organization’s strategy regarding cyber-security risks and cyber resilience?

• How engaged is the board in reviewing the organization’s cyber-risk management program and security-related investments?

• How has the organization (i.e., management) fared in recent tabletop exercises or simulations? Are directors taking part in such activities?

Vinny La Rocca

CEO

CyberSecOp.com

All these attacks are taking place, hackers are scanning the internet for Citrix appliances which were unpatched for the CVE-2019-19781 [1] vulnerability. Vulnerable devices include the Citrix Application Delivery Controller (ADC), Citrix Gateway, and two older versions of Citrix SD-WAN WANOP. The vulnerability was disclosed in mid-December; however, internet-wide attacks began after January 11, when proof-of-concept exploit code was published online and became broadly available to anyone.
Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

The CyberSecOp team has identified attacks scanning multiple client Citrix gateway to take advantage of vulnerabilities in Citrix gateway applications.

Timeline
On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0.
On January 22, 2020, Citrix released security updates for vulnerable SD-WAN WANOP appliances.
On January 23, 2020, Citrix released firmware updates for Citrix ADC and Gateway versions 12.1 and 13.0.
On January 24, 2020, Citrix released firmware updates for Citrix ADC and Gateway version 10.5.
A remote, unauthenticated attacker could exploit CVE-2019-19781 to perform arbitrary code execution.[2] This vulnerability has been detected in exploits in the wild.[3]
The Cybersecurity and Infrastructure Agency (CISA) strongly recommends that all users and administrators upgrade their vulnerable appliances as soon as possible.
Timeline of Specific Events

• December 17, 2019 – Citrix released Security Bulletin CTX267027 with mitigations steps.

• January 8, 2020 – The CERT Coordination Center (CERT/CC) released Vulnerability Note VU#619785: Citrix Application Delivery Controller and Citrix Gateway Web Server Vulnerability, and CISA releases a Current Activity entry.

• January 10, 2020 – The National Security Agency (NSA) released a Cybersecurity Advisory on CVE-2019-19781.

• January 11, 2020 – Citrix released blog post on CVE-2019-19781 with timeline for fixes.

• January 13, 2020 – CISA released a Current Activity entry describing their utility that enables users and administrators to test whether their Citrix ADC and Citrix Gateway firmware is susceptible to the CVE-2019-19781 vulnerability. 

• January 16, 2020 – Citrix announced that Citrix SD-WAN WANOP appliance is also vulnerable to CVE-2019-19781.

• January 19, 2020 – Citrix released firmware updates for Citrix ADC and Citrix Gateway versions 11.1 and 12.0 and blog post on accelerated schedule for fixes.

• January 22, 2020 – Citrix released security updates for Citrix SD-WAN WANOP release 10.2.6 and 11.0.3.]

• January 22, 2020 – Citrix and FireEye Mandiant released an indicator of compromise (IOC) scanning tool for CVE-2019-19781.

• January 23, 2020 – Citrix released firmware updates for Citrix ADC and Citrix Gateway versions 12.1 and 13.0.

• January 24, 2020 – Citrix released firmware updates for Citrix ADC and Citrix Gateway version 10.5.

Technical Details

Impact

On December 17, 2019, Citrix reported vulnerability CVE-2019-19781. A remote, unauthenticated attacker could exploit this vulnerability to perform arbitrary code execution. This vulnerability has been detected in exploits in the wild.
The vulnerability affects the following appliances:

• Citrix NetScaler ADC and NetScaler Gateway version 10.5 – all supported builds

• Citrix ADC and NetScaler Gateway version 11.1 – all supported builds before 11.1.63.15

• Citrix ADC and NetScaler Gateway version 12.0 – all supported builds before 12.0.63.13

• Citrix ADC and NetScaler Gateway version 12.1 – all supported builds before 12.1.55.18

• Citrix ADC and Citrix Gateway version 13.0 – all supported builds before 13.0.47.24

• Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO – all supported software release builds before 10.2.6b and 11.0.3b. (Citrix SD-WAN WANOP is vulnerable because it packages Citrix ADC as a load balancer).

What Customers Should Do
Exploits of this issue on unmitigated appliances have been observed in the wild. Citrix strongly urges affected customers to immediately upgrade to a fixed build OR apply the provided mitigation which applies equally to Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP deployments. Customers who have chosen to immediately apply the mitigation should then upgrade all of their vulnerable appliances to a fixed build of the appliance at their earliest schedule. Subscribe to bulletin alerts at https://support.citrix.com/user/alerts to be notified when the new fixes are available.
The following knowledge base article contains the steps to deploy a responder policy to mitigate the issue in the interim until the system has been updated to a fixed build: CTX267679 - Mitigation steps for CVE-2019-19781
Upon application of the mitigation steps, customers may then verify correctness using the tool published here: CTX269180 - CVE-2019-19781 – Verification Tool
Fixed builds have been released across all supported versions of Citrix ADC and Citrix Gateway. Fixed builds have also been released for Citrix SD-WAN WANOP for the applicable appliance models. Citrix strongly recommends that customers install these updates at their earliest schedule. The fixed builds can be downloaded from https://www.citrix.com/downloads/citrix-adc/ and https://www.citrix.com/downloads/citrix-gateway/ and https://www.citrix.com/downloads/citrix-sd-wan/
 
 If you would like to learn more about CVE-2019-19781 vulnerability & risk mitigation, please contact CyberSecOp at the following support@cybersecop.com 

The National Security Agency recently discover a vulnerability in Microsoft’s Windows 10 Operating System, NSA worked with Microsoft to issue patches and publicly raise awareness instead of using the flaw for its intelligence gathering.

On January 14, Microsoft released a set of patches for the Windows platform. While all of the issues addressed in the patch release are serious, this article will discuss one of them: CVE-2020-0601. Above anything else, we urge everyone to take action and patch their systems.

(CVE-2020-0601) affecting Microsoft Windows®1 cryptographic functionality.

The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. The exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples, where validation of trust may be impacted, include:

• HTTPS connections

• Signed files and emails

• Signed executable code launched as user-mode processes

Vulnerability

CVE-2020-0601 is a serious vulnerability because it can be exploited to undermine Public Key Infrastructure (PKI) trust. PKI is a set of mechanisms that home users, businesses, and governments rely upon in a wide variety of ways. The vulnerability permits an attacker to craft PKI certificates to spoof trusted identifies, such as individuals, web sites, software companies, service providers, or others. Using a forged certificate, the attacker can (under certain conditions) gain the trust of users or services on vulnerable systems, and leverage that trust to compromise them. 

Microsoft explanation of the vulnerability

Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.

Microsoft Windows Crypto API fails to properly validate certificates, which may allow an attacker to spoof the validity of certificate chains. This vulnerability may not seem flashy, but it is a critical issue. Trust mechanisms are the foundations on which the Internet operates.

Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA’s involvement. Microsoft and the NSA both declined to say when the agency privately notified the company.

Mitigation Actions

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems. In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly replied-upon services. Examples include:

• Windows-based web appliances, web servers, or proxies that perform TLS validation.

• Endpoints that host critical infrastructure (e.g. domain controllers, DNS servers, update servers, VPN servers, IPSec negotiation).

Prioritization should also be given to endpoints that have a high risk of exploitation. Examples include:

• Endpoints directly exposed to the internet.

• Endpoints regularly used by privileged users.

 Administrators should be prepared to conduct remediation activities since unpatched endpoints may be compromised. Applying patches to all affected endpoints is recommended, when possible, over prioritizing specific classes of endpoints. Other actions can be taken to protect endpoints in addition to installing patches. Network devices and endpoint logging features may prevent or detect some methods of exploitation, but installing all patches is the most effective mitigation.

Cyber Attack Bulleting

1) FBI, DHS issue bulletin warning of potential Iranian cyberattacks.                   

The FBI and Department of Homeland Security (DHS) issued a bulletin to law enforcement groups last week Wednesday warning of the potential for Iran to target the U.S. with cyber attacks in the wake of raised tensions following the death of Iranian General Qassem Soleimani.

2) 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete.                 According to the same survey, 80% of hackers say “humans are the most responsible for security breaches”.    

3) Traditional perimeter-based security is not enough for cyberattacks.
According to CyberSecOp Data Breach Investigations Report, over half — and trending toward 100% — of recent data breaches were due to compromised credentials.

4. There is a cyber attack every 39 seconds.
 By the time the average person takes a selfie and uploads it to Instagram, the next hacker attack has already taken place.

Ransomware is a type of malware that stops users from accessing their data until a ransomware payment is arranged. The money is usually paid in cryptocurrencies to avoid any kind of detection. Ransomware criminals trick you into clicking on infected links. They usually do this by copying the general look of an email to mask their nefarious intentions. Organizations interviewed by CyberSecOp say they experience data loss and major downtime as the result of a ransomware attack. Both of these outcomes are extremely costly for a business, especially larger ones with hundreds of employees. Significant downtime can result in millions of dollars of lost revenue and decreased consumer trust.

Cybercriminals Career Path is Ransomware

If you were considering becoming a cybercriminal or were perhaps a traditional villain looking to upgrade your skills for the 21st century, I’m sure your business model of choice would be running a ransomware operation. You would, thanks to the simplicity of platforms like Ransomware as a Service and the willingness of victims to pay ransomware fees.

The reason why Ransomware most common attack vector

The main reason for the runaway success of ransomware as a malware attack vector is its effectiveness and ability to generate money for cybercriminals. Anonymous payment services like Bitcoin make ransomware payment simple for victims and risk-free for the ransomware owners. Companies are even starting to keep a Bitcoin ransom ready if they are affected and cannot recover from the attack.

Ransomware big newsmakers

The biggest news-maker for 2019 is the Baltimore City government. The city’s computer system was hit with a ransomware infection in May 2019 that kept the city’s government crippled for over a month. Estimates put the cost to recover at over 18 million dollars, although the cybercriminal behind the ransomware only demanded $76,000 worth of Bitcoin. The attack reportedly impacted vaccine production, ATMs, airports, and hospitals. Just about a year earlier, the Atlanta city government spent over $17 million to recover from a ransomware attack that demanded $52,000 in Bitcoin.

The big tech giants are getting hit by ransomware too

Popular software as a service (SaaS) applications are being targeted by ransomware too. A study involving several multiple service providers found that Dropbox, Office 365, G Suite, Azure, and Amazon Web Services have experienced ransomware attacks in some form.

Ransomware Demand cost increases

At the same time, the average ransomware demands have increased rapidly to $36,000 in the second quarter of 2019. But this number understates the risk as perpetrators have adopted a more sophisticated pricing model which charges larger organizations much higher ransoms to unlock their data. Rivera Beach, FL, for example, had to pay $600,000 to unlock the city records encrypted by a ransomware gang while Korean hosting company Nayana paid $1m to unlock 3,400 hosted websites. Refusing to pay can cost even more as Norwegian aluminum maker Norsk Hydro learned when they spent $58m in the first half of 2019 to remediate the ransomware attack they experienced in March. The company’s Q1 profit also fell 82% due to production downtime caused by the attack. The implications for security professionals of these trends are clear. The time has come to move from a strictly defensive posture vis-à-vis ransomware to a more offensive strategy focused on finding and fixing vulnerabilities that can be exploited by ransomware.

98% of ransomware profits went through the cryptocurrency trading platform BTC

Windows 7 is due to reach End Of Life (EOL) on 14 January 2020, but a large number of the world's computers, most in corporate environments, are still running the nine-year-old system.

Microsoft ended mainstream support for Windows 7 in January 2015, with extended support running till 14 January 2020. Businesses that fail to migrate in time will be saddled with high fees for further support from Microsoft.

This End of Life means no more bug-fixes, security patches or new functionality, making any user - personal or enterprise - significantly more susceptible to malware attacks. Just as it did with Windows XP, Microsoft will continue to offer support for those Windows 7 users still reluctant to upgrade to its Windows 10 OS, but at the significant monetary expense.  Using an outdated operating system also makes your computer particularly vulnerable to cyber-attacks, including but not limited to phishing and ransomware exploits.

If you would like to learn more about Windows 7 End of Life risk mitigation, please contact CyberSecOp at the following support@cybersecop.com 

Get protected with CyberSecOp, data breach protection for organizations that uses cloud or on-premises solution. CyberSecOp assists organizations with Cyber Security Incident, Ransomware Remediation, Privacy regulations, NIST, ISO 27001, GDPR, HIPAA, PCI, PII, and cyber insurance policies that require you to identify and protect (PII/PCI/PHI). Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services