4 Ways to Reduce the Negative Impact of Cyber Attacks

Cyber attacks are one of the most dangerous threats that businesses face each day. These cyber-attacks can lead to high costs and many hours of downtime while also devastating your reputation with clients.

Understanding the most effective ways to reduce the impact of these malicious attacks is essential in keeping your company well-protected from these evolving threats in the workplace.

A managed IT service provider can play a big role in keeping you protected from the schemes of these cyber criminals while also minimizing the impact of any cyber threat.

Here are four ways an IT service provider can reduce the impact of a cyber-attack in today’s workplace.

#1 Modify Your IT Security Plan

It’s possible to lay a security foundation to prevent, detect, and remediate cyber attacks. Consider a service like CybriantXDR that includes 24/7 security monitoring, patch and vulnerability management, and managed detection and remediation.

Cybersecurity is always evolving due to the ever-growing number of threats businesses face in the workplace. Keeping your IT security up to date is essential in reducing the impact of a cyber-attack. A managed service provider can help ensure that everything is in place for maximum protection.

Access to the latest anti-malware software, email spam protection, and automatic security updates all play a key role in keeping your company safe from the devastating impact of a cyber attack.

#2 Create a Cyber Incident Response Plan

Creating a cyber incident response plan is highly effective in limiting the success of a cyber attack against your business. A managed service provider can develop a wide variety of cyber incident response plans to help you quickly recover data and reduce the amount of downtime for your company.

A managed service provider will also update these cyber incident response plans on a regular basis to ensure that everything remains up to date.

With Incident Response and Containment Services, you can take your incident response plan a step further. We can help you actively block and terminate cyber attacks.

#3 Develop a Backup and Disaster Recovery Plan

A backup and disaster recovery plan is crucial due to the wide range of threats businesses face on a daily basis. Cyber attacks aren’t the only reason for data loss, as power outages, natural disasters, employee mistakes, and hardware failure can also lead to the loss of critical information.

An IT service provider can help you plan for a wide range of scenarios while uploading all of your essential data onto the cloud for an extra layer of protection. Cloud technology will give you the peace of mind to know that you can quickly recover your information at any time.

#4 Invest in Cybersecurity Tools

Investing in the latest cybersecurity tools is an excellent way to prevent or quickly recover from a cyber attack against your business. Vulnerability detection and around-the-clock monitoring services from an IT provider are a few of the most effective ways to keep your company safe from cybercriminals.

A managed service provider can also use penetration tools to identify any areas of weakness within your IT infrastructure. Continually focusing on cybersecurity makes it much more difficult for hackers to become successful while also allowing your business to quickly bounce back from any cyber attack.

Cyber Attacks: Conclusion

Cybersecurity will continue to be a top concern in the workplace due to the prominent role of technology in today’s work environment. A managed security service provider like Cybriant can help you quickly recover from cybersecurity incidents while also significantly reducing the negative impact of these attacks.

Changing your IT security, developing a cybersecurity incident response plan, creating a backup and recovery program, and investing in the most recent cybersecurity tools are all essential items from a managed service provider.

Capital One Data Breach: Importance of Cybersecurity Basics

By now you’ve heard of the Capital One Data Breach that happened on July 29, 2019, where a hacker gained access to 100 million Capital One credit card applications and accounts. Read more about the thoughts from Cybriant’s Chief Technology Officer, Andrew Hamilton.

My first reaction when I saw the Capital One data breach was the same as that of many of you: someone misconfigured something and a former employee knew that misconfiguration.

What we most commonly see as a security company when organizations move to the cloud is the expectation that the cloud provider (AWS, Azure, Google) will automatically understand and take into account any security threat vector which may be particular to an organization.

Unfortunately, they can’t work in that manner because requirements and environments will always differ from one organization to the next.  What may be a potential threat vector to Capital One could be required functionality to another organization.

And so, the cloud providers afford their customers a high degree of flexibility, but they state in their Terms of Service (and recommendations) that the customer is responsible for securing their tenant.

Similarly, when we monitor a customer’s environment one of the first things we check for is whether we see customer endpoint devices utilizing external DNS servers instead of the official internal company DNS servers.

Malware loves to exfiltrate data via DNS because most of the time UDP/TCP 53 is wide open to the Internet. And while there are certainly ways to exfiltrate data via valid CNAME and TXT records (which require additional techniques to monitor/block such as RPZ records), those are computationally less efficient than simply blasting data via a commonly trusted DNS port and bypassing HTTPS SSL inspection.
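The check described above (endpoints sending DNS traffic to servers other than the official internal resolvers), as an added example that is not Cybriant's tooling. The resolver addresses, endpoint range and flow-record layout are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed environment (hypothetical values): sanctioned internal resolvers
# and the endpoint address space being monitored.
APPROVED_RESOLVERS = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.1.53")}
ENDPOINT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: time, src, dst, proto, dst_port, bytes_out
SAMPLE_FLOWS = """\
2019-07-30T09:00:01Z,10.20.1.15,10.0.0.53,udp,53,74
2019-07-30T09:00:02Z,10.20.1.15,10.0.0.53,udp,53,81
2019-07-30T09:00:05Z,10.20.1.44,8.8.8.8,udp,53,70
2019-07-30T09:00:06Z,10.20.1.77,203.0.113.9,udp,53,512
2019-07-30T09:00:06Z,10.20.1.77,203.0.113.9,tcp,53,48211
2019-07-30T09:00:07Z,10.20.1.77,203.0.113.9,udp,53,498
2019-07-30T09:00:09Z,10.0.0.53,198.51.100.1,udp,53,90
2019-07-30T09:00:10Z,10.20.1.44,93.184.216.34,tcp,443,1400
"""


def find_dns_bypass(flow_text):
    """Map each endpoint that sent port-53 traffic to a non-approved server
    to the servers it used, the flow count and the bytes sent."""
    findings = defaultdict(lambda: {"resolvers": set(), "flows": 0, "bytes": 0})
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        _ts, src, dst, proto, port, nbytes = row
        if proto not in ("udp", "tcp") or int(port) != 53:
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in APPROVED_RESOLVERS:
            continue  # the resolvers themselves legitimately query upstream
        if not any(src_ip in net for net in ENDPOINT_NETS):
            continue
        if dst_ip in APPROVED_RESOLVERS:
            continue  # normal path: endpoint -> internal resolver
        hit = findings[src]
        hit["resolvers"].add(dst)
        hit["flows"] += 1
        hit["bytes"] += int(nbytes)
    return dict(findings)


def rank_by_bytes(findings):
    """Endpoints ordered by bytes sent over port 53, largest first."""
    return sorted(findings, key=lambda ep: findings[ep]["bytes"], reverse=True)


if __name__ == "__main__":
    report = find_dns_bypass(SAMPLE_FLOWS)
    for endpoint in rank_by_bytes(report):
        info = report[endpoint]
        print(endpoint, sorted(info["resolvers"]), info["flows"], info["bytes"])
```

Ranking by bytes puts an endpoint pushing bulk data over port 53 to a single external server ahead of one that merely has a public resolver configured.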

There was an excellent article at InfoSecurity Magazine yesterday on the top 5 penetration test discoveries (link:  https://www.infosecurity-magazine.com/news/95-test-problems/).

All five boil down to good Systems Administration hygiene. They aren’t as “sexy” as buying a Palo Alto and bragging about it to friends, but instead are things that are often left by the wayside (requiring complex passwords, simple patch management, etc).

What can be even more puzzling is when we see organizations who want a VERY expensive penetration test, and yet they haven’t even begun resolving the issues found from their vulnerability scanner.  Unfortunately, this is the norm that we see across industries and company sizes.

To avoid a Capital Bank data breach at your organization, read to the end to see our recommendations.


Capital One Data Breach Facts

On July 29th, 2019, Capital One Financial Corporation, a US-based bank holding company specializing in banking, credit cards, loans, and savings, released a statement [1] regarding the detection of a breach resulting in unauthorized access to personal data about over 100 million Canadian and US credit card applicants and customers.

  • The breach is believed to be one of the largest in the history of the banking industry;
  • According to the statement, Capital One does not believe the compromised data has been used fraudulently;
  • Capital One became aware of the breach following a responsible disclosure email alerting them to potentially leaked data on a GitHub account associated with the alleged threat actor (TA);
  • The breach reportedly exploited a configuration vulnerability in Capital One’s infrastructure, including at least one known firewall misconfiguration, permitting access to customer data stored on Amazon Web Services (AWS) cloud;
  • US Law Enforcement arrested an alleged TA, ‘Paige Adele Thompson’, a former S3 Systems Engineer at Amazon Inc. [2], also known as ‘Erratic’, in Seattle, WA (US) on suspicion of ‘Computer Fraud and Abuse’ as filed [3] in a criminal complaint with the US District Court for the Western District of Washington at Seattle;
  • The hack is expected to cost the company up to $150 million in the near term, including paying for credit monitoring for affected customers.

Scope of breach

  • Personal data of more than 100 million US and 6 million Canadian customers (consumers and small businesses) including approximately:
    • 140,000 US Social Security numbers;
    • 1 million Canadian Social Insurance Numbers (SIN);
    • 80,000 US bank account details;
    • Names, addresses, phone numbers & dates of birth;
    • Self-reported income;
    • Credit scores, limits, balances & payment history.
  • Stolen information about credit card applications from 2005 through 2019.

Capital One Data Breach Timeline

  • 12 March – 17 July 2019 – Period in which unauthorized access to Capital One’s infrastructure likely occurred;
  • 22 March 2019 – Capital One access logs confirm unauthorized access to AWS from a compromised account;
  • 21 April 2019 – Timestamp associated with leaked data hosted on GitHub in addition to unauthorized activity recorded by Capital One logs;
  • 26 June 2019 – Posts on a Slack channel associated with, and using an alias of, the TA include screenshots and directory listings of files belonging to Capital One and other potential victims;
  • 17 July 2019 – Responsible disclosure email received by Capital One, alerting them to ‘leaked s3 data’ hosted on a GitHub Gist account believed associated with the threat actor;
  • 18 July 2019 – Direct messages posted by the TA suggest that they were prepared to distribute the stolen data;
  • 29 July 2019 – US FBI agents arrested the TA and Capital One released a public statement about the breach (also establishing a dedicated data breach webpage [4] with an FAQ for potentially affected customers).

Cybriant Recommendations:

  • Organizations using cloud-based services, such as Amazon S3, should ensure that assets are correctly configured to prevent inadvertent or unauthorized access to sensitive data. Cloud providers will provide documentation detailing identity and access policy configurations that can restrict access, be that by the user, file, bucket, or organization.
  • Patch Management is a vital service that is often overlooked or taken for granted. Cybriant offers a Responsive Patch Management service that will take the guesswork out of the administrivia of this task and maintain a healthy network.
  • Vulnerability scans may catch the majority of issues, but these need to be done continuously. If you are only scanning once a year or quarter, that leaves a long period for hackers to use those vulnerabilities for malicious purposes. The alerts that come from the scans need to be remedied. Our Risk-Based Vulnerability Management service will aid your team to identify vulnerabilities to protect your network.
  • Logging any incidents in your network is the best way to protect against advanced persistent threats, including insider threats. Our Managed SIEM with 24×7 Security Monitoring service is not only a potential compliance requirement but will address and resolve the most complex cyber risk issues.
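For the first recommendation above, an added example (not Cybriant's or AWS's code) that statically audits S3 bucket policy documents for statements granting access to any principal, with a weak policy beside one restricted by user and by organization. The bucket name, account ID, role name and organization ID are placeholders, and both policies are constructed.

```python
# Constructed bucket policies; every name and ID below is a placeholder.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnyoneCanRead",
        "Effect": "Allow",
        "Principal": "*",  # any caller, authenticated or not
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-card-applications/*",
    }],
}

RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # restricted by user: one named IAM role
            "Sid": "AppRoleOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-card-applications/*",
        },
        {   # restricted by organization and by object prefix
            "Sid": "OrgReadOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-card-applications/reports/*",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_bucket_policy(policy):
    """Return (Sid, severity, actions) for each Allow statement open to any
    principal: 'public' with no Condition, 'conditional' when one narrows it."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        severity = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), severity,
                         _as_list(stmt.get("Action", []))))
    return findings
```

A "conditional" finding still needs a human to read the Condition; the check only confirms that something narrows the wildcard.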

 

Sources:

1. http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043
2. https://www.linkedin.com/in/PaigeAdeleThompson
3. https://www.justice.gov/usao-wdwa/press-release/file/1188626/download
4. https://www.capitalone.com/facts2019/

Webinar: The Cyber Attacker’s Advantage

The Report: Quantifying the Attacker’s Advantage

Tenable Research has just released a report on the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed.

For this study, Tenable analyzed the 50 most prevalent critical and high-severity vulnerabilities from just under 200,000 vulnerability assessment scans over a three-month period in late 2017 to anchor the analysis to the real world. We used these vulnerabilities to derive the “time to exploit availability” and “time to assess” to calculate the median delta.

Join the webinar: The Cyber Attacker’s Advantage for a LIVE review of the research.

Attackers are racing ahead

Our analysis shows that the median delta was -7.3 days. The median time to exploit was 5.5 days, compared to a median time to assess of 12.8 days. On average, this gives attackers a seven-day head start on the defenders.

The delta was negative for 76 percent of analyzed vulnerabilities. So, on a vulnerability-by-vulnerability basis, the attackers seize the first-mover advantage more often than not.

When the delta was positive, it was usually because it took so long for an exploit to become available – rather than the defenders’ speedy scanning frequency. The fact that for 34 percent of the analyzed vulnerabilities, an exploit was available on the same day the vulnerability was disclosed is sobering. But it really gets interesting when we drill down into the individual vulnerabilities.

Twenty-four percent of the 50 most prevalent vulnerabilities we analyzed are actively being exploited in the wild by malware, ransomware or exploit kits. A further 14 percent were sufficiently critical to be discussed in the media. The sample set contained vulnerabilities being targeted by the Disdain and Terror exploit kits, Cerber, and StorageCrypt ransomware and even by APT groups such as Black Oasis to install the FinSpy surveillance software.

Top 2 types of attacks

According to HIPAA, all covered entities and their business associates are required to provide notification following a breach of unsecured protected health information.

These breaches of unsecured protected health information affecting 500 or more individuals are then posted on HHS.gov.

What is considered a breach? A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

The top two types of breaches

According to the report that lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights, the top two types of attacks are hacking at 32.6 percent and unauthorized access at 21.3 percent. 

Unauthorized access was added in 2016 when the ITRC noticed that the term Unauthorized Access/Disclosure was being used in a significant number of breaches posted on the HHS.gov website as well as in other notifications.

Definitions

Hacking: includes phishing and ransomware; it is readily recognized as a malicious intrusion to access a company’s data, whether it’s personal or business related.

Unauthorized Access:  defined as breaches which involve some kind of access to the data but the publicly available breach notification letters do not explicitly include the term hacking.

According to the January 2018 report from ITRC, the number of data breaches in the medical/healthcare industry dropped slightly from January 2017 from 29.1% to 28.9%.

Medical/Healthcare
# of Breaches: 31
# of Records: 232,589
% of Breaches: 26.7%
% of Records: 7.4%

Protect your data

The time is now to begin a proactive approach to cyber risk management. Here are the steps we recommend:

1. Find out where your security gaps are.
2. Improve and harden your organization’s security program.
3. Strengthen your human firewall.
4. Monitor your security infrastructure.
5. Make sure data is accessible no matter what.

REPORT: January 2018 Breaches

The numbers are in! The Identity Theft Resource Center (ITRC) has captured 116 total data breaches in January 2018 in the 2018 ITRC Breach Report. The numbers are down a very small amount from January 2017. Educational and Medical industry breaches are down, but the numbers of data breaches in the Business, Government, and Financial Services industries have all increased.

The number of records exposed in January 2018 is 3,158,441. As you can see in the Data Breach Stat Report, for most breaches the number of records that were exposed is not known.

Please note, these are published breaches. The ITRC Breach database is updated on a daily basis. Unless noted otherwise, each report includes U.S. breaches that occurred in the year of the report name (such as “2018 Breach List”), or became public in the report name year, but was not public in the previous year.  Each item must be previously published by a credible source, such as Attorney General’s website, TV, radio, press, etc. The item will not be included at all if ITRC is not certain that the source is real and credible.

What is a breach? 

The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (including credit/debit cards) is potentially put at risk because of an exposure.

Breach Categories

Banking/Credit/Financial
# of Breaches: 7
# of Records: 119,279
% of Breaches: 6.0%
% of Records: 3.8%

Business
# of Breaches: 62
# of Records: 2,024,319
% of Breaches: 53.4%
% of Records: 64.1%

Educational
# of Breaches: 7
# of Records: 282,463
% of Breaches: 6.0%
% of Records: 8.9%

Government/Military
# of Breaches: 9
# of Records: 499,791
% of Breaches: 7.8%
% of Records: 15.8%

Medical/Healthcare
# of Breaches: 31
# of Records: 232,589
% of Breaches: 26.7%
% of Records: 7.4%

Totals for All Categories:
# of Breaches: 116
# of Records: 3,158,441
2018 Breaches Identified by the ITRC as of 1/31/2018

The Threat of Hacking continues

Hacking attacks continue to be the most common type of attack at nearly 30 percent of the total number of breaches. Of these, 10.3 percent involved ransomware/malware and 8.6 percent employed phishing tactics. Breaches identifying unauthorized access as the method of attack represent more than 23 percent of the overall number of breaches so far this year. The number of notification letters received by various Attorneys General offices identifying unauthorized access has jumped considerably over last year.

Protect your data

The time is now to begin a proactive approach to cyber risk management. Here are the steps we recommend:

1. Find out where your security gaps are.
2. Improve and harden your organization’s security program.
3. Strengthen your human firewall.
4. Monitor your security infrastructure.
5. Make sure data is accessible no matter what.
