Join us on Tuesday, April 7th at 10 am PDT / 1 pm EDT to learn how the new NIST revisions will significantly impact your application security strategy in Contrast Security’s webinar, “NIST Application Security Revisions You Need to Know.”
We’ll discuss how the two new IAST and RASP standards in NIST SP 800-53 Revision 5 impact security teams and developers:
SA-11(9): “Require the developer of the system, system component, or system service to employ interactive application security testing tools to identify flaws and document the results.”
SI-7(17): “Implement [Assignment: organization-defined controls] for application self-protection at runtime.”
In this moderated webinar, we will cover a number of AppSec and DevOps questions, including:
What does each of these really mean?
What do security teams need to do to comply?
What do developers need to do to comply?
How is instrumentation the link between the two and what does this mean?
What benefits will security teams and developers realize from each?
And much more …
Our two presenters will be joined by the Editor in Chief for Contrast’s Inside AppSec Podcast, Patrick Spencer, who will discuss the above questions and others with our expert panel. You’ll walk away knowing how you can become compliant quickly and easily.
Webinar: April 7th at 10 AM PDT/1 PM EDT
This webinar is hosted by Contrast Security; your registration information will be shared with Contrast Security. You will receive communication from Contrast regarding the webinar.
With the proper tools and techniques in place, it’s possible to continue to defend your enterprise while your staff is working from home. Here are some good points to remember and share about securing mobile devices.
Now More Than Ever: Hackers Want Endpoints
Hackers understand the global pandemic we are currently experiencing. They also know what you are NOT focused on defending, and they will flow like water to get to it.
Where are you not focused as a defender? That’s where the hacker will go.
Since working remotely has been mandated to slow the spread of COVID-19, focus on your users’ endpoints.
According to the 2019 Data Breach Investigations Report, 94% of all attacks start with email. Be aware that even more users will click on malicious links when they are using their mobile devices.
Mobile Device Users Are More Vulnerable to Phishing Attacks
According to a recent mobile phishing report, there is an 85% annual increase in the rate at which people are falling for phishing attacks on mobile.
Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail needed to identify phishing attacks, such as hovering over hyperlinks to show the destination.
As a result, mobile users are three times more likely to fall for phishing scams, according to IBM.
Finally, the huge amount of personal and corporate data on mobile devices is making these devices the preferred target for phishing attacks. In fact, in spite of being protected by traditional phishing protection and education, 56% of Lookout users received and tapped a phishing URL on their mobile device between 2011–2016. Fortunately, in these cases the attack was thwarted by Lookout.
Before enterprises can achieve comprehensive protection against phishing attacks across all vectors, including the mobile device, security and IT professionals need to understand how current phishing myths muddy the waters and get the facts that will help them make informed decisions on how to protect corporate data.
It’s difficult for users to keep up with the hacker’s capabilities. As a corporation, you could potentially have a team of security experts on hand who are able to research those capabilities and help you put a defense strategy in place. Attackers are using the following tools to breach your mobile devices:
Remote Access Trojans (RAT)
A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program — such as a game — or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. Source
A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal to the network, where the web shell is used to pivot further to internal hosts.
A web shell can be written in any language that the target web server supports. The most commonly observed web shells are written in languages that are widely supported, such as PHP and ASP. Perl, Ruby, Python, and Unix shell scripts are also used. Source
Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets. Other useful attacks it enables are pass-the-hash, pass-the-ticket or building Golden Kerberos tickets. This makes post-exploitation lateral movement within a network easy for attackers. Source
PowerShell Empire is a unique attack framework in that its capabilities and behaviors closely resemble those used by current nation-state advanced persistent threat actors.
Nation-state hacking groups were using PowerShell to create fileless malware that runs in a computer’s memory, without leaving any traces on disk, and using PowerShell scripts as a post-exploitation vector for moving through networks and inside workstations without triggering any security alerts.
Because PowerShell is installed by default on Windows 7 and all later versions, the app was, at the time, trusted by all security products, many of which did not detect PowerShell-based attacks.
Empire’s use among cybercriminals has grown so much in the past few years that in late 2018, the UK’s National Cyber Security Center included Empire on its shortlist of the five most dangerous publicly available hacking tools — together with JBiFrost, Mimikatz, China Chopper, and HTran. Source
C2 Obfuscation Tools
Attackers will often want to disguise their location when compromising a target. To do this, they may use generic privacy tools (e.g., Tor) or more specific tools to obfuscate their location.
HUC Packet Transmitter (HTran) is a proxy tool used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker’s communications with victim networks. The tool has been freely available on the internet since at least 2009.
HTran facilitates TCP connections between the victim and a hop point controlled by a threat actor. Malicious threat actors can use this technique to redirect their packets through multiple compromised hosts running HTran to gain greater access to hosts in a network. Source
How to Protect Mobile Devices for Remote Workers
For a comprehensive mobile device protection strategy, you need a tool or service for endpoints that can offer a form of antivirus, an EDR-type tool that can record and log instances for future forensics, as well as vulnerability management for mobile.
Your mobile device security strategy should provide phishing protection for:
– Email
– SMS
– Social Media
– Messaging Apps
You should also consider Mobile Threat Defense that defends against:
– Application Threats
– Device Threats
– Network Threats
Managed Detection and Remediation (MDR) for Endpoint Security
Not only does MDR from Cybriant help reduce the time between breach and detection, we can also help stop the threat before it can fully execute.
Our experts utilize a static AI engine to provide pre-threat execution protection. The static AI engine replaces traditional signatures and obviates recurring scans that kill end-user productivity.
By tracking all processes, our team is able to detect malicious activities, and use behavioral AI technology to respond at top speed. We can detect and stop file-based malware, scripts, weaponized documents, lateral movement, file-less malware, and even zero-days.
With MDR from Cybriant, our security analysts monitor your endpoints 24/7 and filter out false positives. You’ll receive the alerts when relevant threats are detected along with advice and insight from our cyber security team to help you mitigate and respond to the threat.
As an extension of your team, our experts will investigate, triage, and remediate security events and provide executive-level reporting. Remediation may reveal dormant or trojan threat actors that evade network and endpoint detection solutions. Our MDR solution includes leveraging the talents of our experienced team as well as next-generation antivirus and EDR tools that utilize AI.
The MDR service from Cybriant will allow you to protect your organization’s data and reduce your threat landscape against the most advanced threats.
Cyber Risks/Criminals: The FBI reports scammers are leveraging the COVID-19 pandemic to steal your money and your personal information, or both. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information to receive money or other benefits.
The FBI advises you to be on the lookout for the following:
FAKE CDC EMAILS – Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
PHISHING EMAILS – Look out for phishing emails asking you to verify your personal information to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information to send you money. Phishing emails may also claim to be related to charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits.
COUNTERFEIT TREATMENTS OR EQUIPMENT – Be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves. More information on unapproved or counterfeit PPE can be found at www.cdc.gov/niosh. You can also find information on the U.S. Food and Drug Administration website, www.fda.gov and the Environmental Protection Agency website, www.epa.gov. Report counterfeit products at www.ic3.gov and to the National Intellectual Property Rights Coordination website at iprcenter.gov
Best Practices for Companies: Attached is a one-page document, developed by InfraGard National Board Director Rusty Sailors and his company, listing best cyber practices for companies to adopt, to ensure their information is kept safe and secure at all times.
In addition to those recommendations, the FBI is reminding people to always use good cyber hygiene and security measures. By remembering the following tips, you can protect yourself and help stop criminal activity:
Do not open attachments or click links within emails from senders you don’t recognize.
Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
Always verify the web address of legitimate websites and manually type them into your browser.
Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in “.com” instead).
As the world responds to the global demand for remote work options, we’re here to provide guidance and stability during these trying times.
Whether provisioning corporate laptops or allowing employees to use personal devices, hastily extending a remote work option can leave your organization vulnerable in terms of security.
Here are a few items to consider:
Remote Basics
– A computer
– A secure internet connection
– Chat and conferencing applications
– A dedicated workspace
– A phone and a camera
– Self-motivation and discipline
– A strict routine
Require VPN access for internal networks – A VPN encrypts your corporate traffic to avoid man-in-the-middle attacks or eavesdroppers.
Update Password Policies – Make sure your employees understand and comply with your password policies. This might be the best time to start with new strong passwords across the company.
Separate User Account – If your group is using their own devices, require a new user account to be set up for work use only. This separation will help both privacy and security.
Invest in full-featured endpoint security for home workers – Home systems are varied and, more often than not, are not up to the job of protecting your company’s assets. The best option would still be business-class endpoint security that can be managed by your IT team and that leverages a firewall and protection from malicious websites and malware.
Require multi-factor authentication – Your best defense against cyber criminals that may utilize brute-force techniques or stolen credentials.
Require encryption – If employees are working on sensitive files or downloading files to their personal devices, provide an encryption solution while requiring separation of personal files.
Keep machines up to date – It is difficult to know how well employees keep their home machines up to date. Enable automated updates on all of their systems to be sure they are current with all security measures.
Employee Training – COVID-19 scams are on the rise and are becoming more sophisticated. Remote workers’ habits and behaviors can become lax when it comes to clicking on links. Provide a refresher to help avoid the human element that cybercriminals attempt to exploit. Consider running a campaign and training course before employees begin working remotely or shortly thereafter.
Coronavirus has prompted tech companies to ask employees to work from home and this trend is likely to grow.
Join us on April 2 as Cybriant CTO, Andrew Hamilton, and Director of Managed Services, Byron DeLoach, walk through the importance of security while social distancing. They will dive deeper into remote workers, ransomware, and remediation.
Join us for an afternoon of live streaming content as we talk to experts about the cybersecurity challenges of working from home and life under quarantine.
This is an engaging summit. We want you to contribute to the conversations through live chatting in the comment section with your thoughts and questions.
Register now to receive Summit updates, reminders and a chance to win a $50 Amazon gift certificate!
Tentative Agenda – Updates will be issued through our newsletter
11:00AM – 11:45AM: Executive’s POV: How to Secure Your Organization While Transitioning to a Remote Workforce
11:45AM – 12:00PM: Break and message from our partners
12:00PM – 12:45PM: Ethical Hacker’s POV: Potential Vulnerabilities in a Distributed Workforce
12:45PM – 1:00PM: Break and message from our partners
1:00PM – 1:45PM: Impacts on Election Security
1:45PM – 2:00PM: Break and message from our partners
2:00PM – 2:45PM: Remote Security Operations, Building Muscle Memory
2:45PM – 3:15PM: Break and message from our partners
3:15PM – 4:00PM: Attacker Economics
4:00PM – 4:15: Summary and Amazon Drawing
24/7 Cyber Threat Detection Agency Helps Promote Business Continuity and Public Health by Enabling Secure Work-From-Home
Alpharetta, GA – March 24, 2020 – Cybriant, a leader in cybersecurity services, has announced free access to their 24/7 Managed Detection and Remediation (MDR) service.
Cybriant is working with SentinelOne, the autonomous cybersecurity platform company, to make Cybriant’s MDR Core service available free of charge for a limited time, enabling enterprises to secure remote work as the world combats COVID-19. This offering will be free for service implemented Monday, March 16 through Friday, May 15, 2020. Cybriant’s 24/7 monitoring and remediation service will be free for 60 days after the initial installation of SentinelOne.
Many cybercrime groups are capitalizing on COVID-19 concerns to deliver new malware payloads and test new techniques. “It is a sad reality that even at this time when most of the world is focused and united on containing and defeating COVID-19, cybercriminals are seeking advantage in the disruption” said Jeff Uhlich, CEO, Cybriant. “At Cybriant we want to do our part to assist organizations through what we all hope is a short transitional period by better securing their businesses from vulnerabilities created by the move to a remote workforce.”
As part of this free offering, Cybriant will provide:
SentinelOne Core: licensing of AI-powered prevention, detection, and automated response in a single, autonomous lightweight agent; legacy antivirus replacement across Windows, Mac, and Linux operating systems with no connectivity or network dependency
Cybriant Deployment Services: remote deployment assistance to ensure rapid installation
Cybriant 24/7 Monitoring and Remediation Services – When a credible threat is detected, our team will retrieve the process history and analyze the chain of events in real-time to determine the validity of the threat. Once identified, the malicious activity is immediately stopped in its tracks and our team ensures remediation.
Working together the world can defeat COVID-19, and Cybriant would like to do its part to help businesses safely conduct operations during this unprecedented time.
Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, operation, and monitoring of their cyber risk management programs. We deliver a comprehensive and customizable set of strategic and managed cybersecurity services. These services include Risk Assessments, vCISO, 24/7 Managed SIEM with LIVE Monitoring and Analysis, 24/7 MDR, 24/7 Vulnerability Scanning with Patch Management. We make enterprise-grade cyber security strategies and tactics accessible to businesses of all sizes. Find out more at https://www.cybriant.com.
SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.