Internet Security Threats-Crypto Mining And IoT Attacks Top The List – Grayhats

Internet Security Threats-Crypto Mining And IoT Attacks Top The List – Grayhats

Crypto-mining is a new force, an attack on IoT is on the rise and ransomware is getting its act together to strike in a big way. According to new data collected by TechRepublic IoT threats have seen an 8500 % increase and keeping up with the pace is crypto-mining.

Ransomware Saturates the Cybercrime Market

Can you imagine a segment termed cybercrime-as-a-service, well, ransomware is now a commodity and everybody would like to have it? A hacker with no experience will be available to serve you on the technical front and be available for hire with their own version of ransomware.

The increased tool available in the market to deal with ransomware has caused the fee amount to drop significantly. This is way less to what the actual ransomware hackers demand. So this means businesses across the world should anticipate a more ransomware attack in the coming days.

Crypto-Mining the serious online threats of 2018

Now the next in line is Crypto-mining the hot cake on the of Internet security threats. According to Comodo “all it needs is just a few codes, and the hacker is ready to go as he seizes the device for a bounty”. The attacker can place crypto-mining software on systems and mine digital coin.

The crypto-mining code is lightweight so it escapes the radar and goes undetected, even though it is consuming your central processing unit. As miner makes their home on network and IoT devices, the resources take a toll and the energy cost rise. The crypto-mining is in the race of getting quick bucks and that new technology will not be enough to counter them, so all it needs to have is a well-informed and trained workforce.

Supply Chains caught in Crossfire

The supply chain is on the rise, and these incidents are on the rise, which means the criminals are on the lookout for better and easier ways and will target valuable corporate systems. In this case, the hacker will not target the supplier directly, but he will make a move by bypassing the organization’s network security. Take a look at how Ransomware made use of the flaws in the Ukrainian accounting software.

As always the supply chain partner will not know that their system has been compromised, and by the time they figure it out, it will be too late. According to Comodo, “companies must ensure maximum security protocols and put in place standard procedures”.

Targeted Attacks on the Rise

This can be attributed to the sheer fact that ‘spear phishing; has been used by 70 percent of the hackers so far, and now the threat is looming large. This is for the fact that stealing user credentials and skipping security is easier than breaking the firewalls.

Please follow and like us:
error
How a cloud backdoor poses a threat to the enterprise

How a cloud backdoor poses a threat to the enterprise

Cloud backdoors pose a rising threat to enterprises, according to new research. Expert’s at grayhats explains what a cloud backdoor is and what mitigation options are available.

Is your cloud server infected by a Backdoor ?

According to Netskope Inc.’s February 2018 “Cloud Report,” backdoors are the second most common type of malware detected during the last quarter of 2017, accounting for 33.6% of detections.

While that may be interesting as a barometer of cloud-intersecting attacker tradecraft, the more salient point for security practitioners in organizations that make extensive use of the cloud is the need to understand what exactly a cloud backdoor is — and, more importantly, how a security team can detect and block it.

What is a cloud backdoor?

Defining this term — at least with a high level of granularity and specificity — is a little more complicated than it might seem on the surface. This is in part because the classification of malware — both in the cloud and otherwise — is a complicated and nuanced exercise.

There have been a number of attempts over the years to establish a naming standard for the unambiguous identification of malware between researchers, but the reality is that there’s so much malware out there and it evolves so quickly that adhering to a uniform standard for naming, taxonomy and classification is non-trivial. This, in turn, means that while general categories and families are agreed upon by the research community, how a particular researcher categorizes a given sample from among the various strains and variants out there is largely up to the researcher.

As a general rule, backdoors are classified by what they are designed to do: to enable an attacker to control a victim resource — such as a virtual or physical host or cloud resource. So, a cloud backdoor is exactly what it sounds like: a channel that gives an attacker some level of command and control over an organizational resource.

That’s true of any backdoor, but what makes it specifically a cloud backdoor is that the channel is either facilitated by the cloud, uses an artifact in the cloud or uses cloud resources to propagate itself. The form that this can take varies by the cloud model.

In the case of an IaaS deployment, a cloud backdoor could refer to malware that enables access to a remote virtual environment hosted by an IaaS provider, such as a backdoor into a cloud environment.

Mitigation

How can an organization detect and prevent a cloud backdoor? The specifics of doing so depend on the type of cloud environment in question.

For an IaaS deployment, the process is similar to mitigating the same issues in an internal, on-premises deployment using malware prevention tools, SIEM tools, intrusion detection tools and so on. The implementation details might vary depending on the provider in use, the degree of control you have over the environment, and so forth. But, at the technical level, they operate fairly consistently with what is used elsewhere.

Nevertheless, it is useful to think these details through in a manner separate and distinct from on-premises implementations because there might be different teams supporting these environments and they may use different tools depending on usage specifics, as well as other factors.

SaaS is where it gets more complicated. There are, of course, tools in the marketplace — notably within the cloud access security broker (CASB) category — that address certain types of backdoor threats. Netskope is one such vendor. Other examples include Skyhigh Networks, CipherCloud and Symantec. These tools can help directly by finding and blocking malware, including backdoors. They can also help indirectly by monitoring cloud access and enforcing security policies in the cloud.

For those organizations that don’t use a CASB, other strategies can be useful. Keep in mind that, for a backdoor to be useful to an attacker, it must enable the attacker to command and control a targeted resource. To the extent that what they’re looking to backdoor into is an entity on a network, the internal defense strategies in place already — such as exfiltration controls, behavioral monitoring and antimalware — can help to detect and prevent this.

The broader concern would be access to those resources from devices that aren’t directly managed by the organization, such as a personal or home device belonging to an employee. Because those devices could have access to corporate resources, having a plan to help mitigate this issue is also prudent.

The short answer is that organizations should evaluate, plan and defend against backdoors in the cloud the same way they would for internal threats. The actual mechanics of how they do this will depend on the tools available and the specific cloud usage in question, but thinking it through ahead of time — particularly in light of the prevalence of backdoors as reflected in Netskope’s research — is time well spent.

Please follow and like us:
error
IT security auditing- Grayhats Best practices for conducting audits

IT security auditing- Grayhats Best practices for conducting audits

“Even if you hate security audits, it’s in your best interest to make sure they’re done right.”  –  Ameen Khan

Cyber Security Audit

The ever changing cyber-security landscape requires info-sec professionals to stay abreast of new best practices on how to conduct information security assessments. Read www.grayhats.in/blog here for updated security assessment strategies you can apply to your own organization.

None of us relishes an audit–outsiders poking around for the holes in my system? When someone says “audit,” you probably think of the surprise inspections your company’s auditors pull to try to expose IT weaknesses.

Information security assessments can be effective for identifying and fixing issues in your enterprise’s policies. Which are highly sensitive for an organisation.

But you’re the one on the hot seat if your organization gets hacked. Dont worry, call Grayhats for a an audit. If you’re responsible for information security, you should want–you should insist–on thorough annual audits. In some cases, you may have no choice. Financial institutions, for example, are required to have external auditors certify compliance with regulations such as the Gramm-Leach-Bliley Act (GLBA). Your own organization’s audit department may require it. Or potential partners or customers may insist on seeing the results of a security audit before they do business with your company and put their own assets at risk.

we at grayhats can help you with such audits.

So you bring the auditors in. But what if the auditors fail to do their job correctly? You’re still the one feeling the heat after an attacker brings your Web site down or steals your customers’ financial information.

How to manage a successful audit

Establish a security baseline through annual audits.
Spell out your objectives.
Choose auditors with “real” security experience.
Involve business unit managers early.
Make sure auditors rely on experience, not just checklists.
Insist that the auditor’s report reflects your organization’s risks.
Don’t let this happen to you.

And it won’t, if you know how to:

Choose a good auditor.
Spell out your requirements.
Make sure the audit is conducted properly.
Intelligently evaluate the ultimate deliverable–the auditor’s report. An audit can be anything from a full-scale analysis of business practices to a sysadmin monitoring log files. The scope of an audit depends on the goals. The basic approach to performing a security assessment is to gather information about the targeted organization, research security recommendations and alerts for the platform, test to confirm exposures and write a risk analysis report. Sounds pretty simple, but it can become quite complex.

 

Establish a Security Baseline

Your security policies are your foundation. Without established policies and standards, there’s no guideline to determine the level of risk. But technology changes much more rapidly than business policies and must be reviewed more often. Software vulnerabilities are discovered daily. A yearly security assessment by an objective third party is necessary to ensure that security guidelines are followed.

Security audits aren’t a one-shot deal. Don’t wait until a successful attack forces your company to hire an auditor. Annual audits establish a security baseline against which you can measure progress and evaluate the auditor’s professional advice. An established security posture will also help measure the effectiveness of the audit team. Even if you use different auditors every year, the level of risk discovered should be consistent or even decline over time. Unless there’s been a dramatic overhaul of your infrastructure, the sudden appearance of critical security exposures after years of good reports casts a deep shadow of doubt over previous audits.

If you don’t have years of internal and external security reviews to serve as a baseline, consider using two or more auditors working separately to confirm findings. It’s expensive, but not nearly as expensive as following bad advice. If it isn’t practical to engage parallel audit teams, at least seek a second opinion on audit findings that require extensive work.
Objectives: Know What You Want
Spell out what you’re looking for before you start interviewing audit firms. If there’s a security breach in a system that was outside the scope of the audit, it could mean you did a poor or incomplete job defining your objectives.

Let’s take a very limited audit as an example of how detailed your objectives should be. Let’s say you want an auditor to review a new Check Point firewall deployment on a Red Hat Linux platform. You would want to make sure the auditor plans to:

Review and document the security mechanisms configured on the Check Point firewall and the Check Point Management Station.
Review the Check Point firewall configuration to evaluate possible exposures to unauthorized network connections.
Review the Red Hat Linux OS configuration to harden it against security exposures.
Review router configuration and logging procedures.
From a security perspective, certify the firewall and OS for production.
Document disaster recovery procedures for the firewall and OS and “good housekeeping” procedures for Check Point’s Object Management.
Perform a penetration test once the firewall and OS are in production.
Hiring an Auditor
You may be tempted to rely on an audit by internal staff. Don’t be. Keeping up with patches, making sure OSes and applications are securely configured, and monitoring your defense systems is already more than a full-time job. And no matter how diligent you are, outsiders may well spot problems you’ve missed.

The Audit Report

The audit’s done, and you look at the report. Did you get your money’s worth? If the findings follow some standard checklist that could apply to any organization, the answer is “no.” If you see pages of reports generated by a vulnerability scanner, but no independent analysis, the answer is, again, “no.”

However, it should be clear that the audited system’s security health is good and not dependent on the recommendations. Remember, the purpose of the audit is to get an accurate snapshot of your organization’s security posture and provide a road map for improving it. Do it right, and do it regularly, and your systems will be more secure with each passing year.

Read more at www.grayhats.in/blog

Contact us for an Network Security Audit – www.grayhats.in 

Email – care@grayhats.in 

Please follow and like us:
error
Not sure about your network security ?  Get a network security audit done by Grayhats

Not sure about your network security ? Get a network security audit done by Grayhats

How to tackle IT audit and compliance– www.grayhats.in

A security audit is a systematic evaluation of the security of a company’s information system by measuring how well it conforms to a set of established criteria. A thorough audit typically assesses the security of the system’s physical configuration and environment, software, information handling processes, and user practices. Security audits are often used to determine regulatory compliance, in the wake of legislation (such as HIPAA, the Sarbanes-Oxley Act, and the California Security Breach Information Act) that specifies how organizations must deal with information.

Grayhats Approach for Your network Audit

According to Ira Winkler, president of the Internet Security Advisors Group, security audits, vulnerability assessments, and penetration testing are the three main types of security diagnostics. Each of the three takes a different approach and may be best suited for a particular purpose. Security audits measure an information system’s performance against a list of criteria. At grayhats.in we think a vulnerability assessment, on the other hand, involves a comprehensive study of an entire information system, seeking potential security weaknesses. Penetration testing is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering etc. At Grayhats we use the grayhats techniques and approcahes to test your network, our certified ethical hackers test your networks rigorously. Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.

Please follow and like us:
error
What is a Hackathon? How can it help you ?

What is a Hackathon? How can it help you ?

Got a weekend to spare? You could build your career & tech skills, make something new and maybe even change the world by joining a hackathon

What is a Hackathon?

A hackathon or jam is an event where people get together to solve a challenge and create something in a very short time.

They are normally filled with coders and people who work, study or take an interest in computer technology, but hackers can come from lots of different areas and also include graphic designers, scientists, project managers, engineers and students.

Hackers work, eat and roll out their sleeping bags together in teams to develop a project, usually over 24 or 48 hours. Your task might be to create a mobile app, a game, a toy, a simulator, or a way of sharing data to help people. They are fast-paced, creative and a great way to learn.

Why do People Take Part in Hackathons?

The idea is to cram as many brains together in a small space over a day or two and see what all that combined brainpower can achieve.

Remember, the word ‘hacking’ doesn’t just mean cyber crime; it can also be about using programming to explore new ideas.

Big companies love hackathons because they are a fast and easy way to get different people working together who might not otherwise have time to share ideas. They’re also a great way to discover new talent.

NASA holds one of the largest global hackathons – the Space Apps challenge, which brings people together from all over the world to develop news ways of sharing data on earth and in space.

At the end of the day, hackathons are there to create real things and solve real problems. Some are commercial, some are for fun and many are about not-for-profit causes, so it can be a good way to find out how your technical skills could be used to improve people’s lives.

 

 

What Can I Learn from a Hackathon?

You’ll learn teamwork, communication and working to (very) tight deadlines. You should also get a chance to pick up different tech and coding skills from a range of experts.

There will often be people from different companies there so you could pick up some useful contacts to gain more work experience or even a job in future.

What are the Benefits of Taking Part in a Hackathon?

There will usually be prizes for the best ideas or the chance to get funding to develop them further and you’ll be given all the free food, tea and fizzy drinks you can handle.

You might also get some free goodies as a thank you for giving up your time.

How Much does a Hackathon Cost?

Most  are free to take part in and you can check these details when you sign up. If you just want to come and watch the action, you might sometimes be asked to pay.

Do I Need Tech Skills to Join a Hackathon?

Not always. Different hackathons look for different skills, including creative, writing and project management. When an event is posted, take a look at the brief to see who they’re looking for. You can always email the organisers to check if you can take part first too.

Taking part in a hackathon can be great, whatever career you want to go into. We’ve discovered hackathons on tourism, food, art, healthcare, energy and more so don’t be afraid to try one out!

Where Can I Find a Hackathon?

Follow Grayhats on Facebook for regular updates on hackathons.

 

Please follow and like us:
error
Cyber Security?

Cyber Security?

What is Cyber Security?

Learn about cyber security, why it’s important, and how to get started building a cyber security program in this instalment of our Data Protection 101 series.

A Definition of Cyber Security

 

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

The Importance of Cyber Security

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing businesses, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

Challenges of Cyber Security For an effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber encompass all of the following:
Network security
Application security
Endpoint security
Data security
Identity management
Database and infrastructure security
Cloud security
Mobile security
Disaster recovery/business continuity planning
End-user education

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

Please follow and like us:
error
WhatsApp chat