Cyber round-up

ICS (industrial control systems) cyber security threats remain high and are growing in severity, according to the SANS 2021 OT/ICS Cybersecurity Report by the info-security training body. In response, a growing majority of organisations have significantly matured their security postures since the last SANS survey in 2019. Still, almost half (48pc) don’t know whether their IT has been compromised. The Nozomi Networks-sponsored survey echoes the network firm’s experiences with customers worldwide.

Nozomi Networks Co-founder and CPO Andrea Carcano said: “It’s concerning to see that nearly half of this year’s survey respondents don’t know if they’ve been attacked when visibility and detection solutions are readily available to provide that awareness.

“Threats may be increasing in severity, but new technologies and frameworks for defeating them are available and the survey found that more organisations are proactively using them. Still, there’s work to be done. We encourage others to adopt a post-breach mindset pre-breach and strengthen their security and operational resiliency before an attack.”

Ransomware and financially motivated cyber crimes topped the list of threat vectors (54.2pc) followed by nation-state sponsored cyber attacks (43.1pc). Unprotected devices and things added to the network came in third. Of the 15pc (about one in seven) of survey respondents who indicated they had experienced a breach in the last 12 months, 18.4pc (about one in six) said the engineering workstation was an initial infection vector. In general, external connections are the dominant access vector (49pc) with remote access services identified as the most prevalent reported initial access vector for incidents (36.7pc).

Remote and hybrid work strategies are here to stay and so will the risks they introduce unless businesses get a handle on what their new attack surface looks like, said a cyber firm. A study was commissioned of more than 1,300 security people, business executives and remote employees, including 168 respondents in the UK, by Forrester Consulting on behalf of Tenable.

Amit Yoran, CEO, Tenable said: “This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”

Hybrid work and a digital-first economy have brought cyber, and moving business-critical functions to the cloud, to the fore, according to the cyber firm. David Cummins, VP of EMEA, Tenable, said: “The reality has seen the corporate attack surface explode, with many organisations still struggling to understand and address the risks introduced. Managing the plethora of technologies is now necessary to ensure enterprises aren’t left vulnerable and susceptible to cyber attacks.”

Bad actors looking to cause the most collateral damage focus efforts on internet components such as DNS servers, virtual private network (VPN) concentrators, services, and internet exchanges. Ransomware has become big business. Extortionists add DDoS to their attack methods to add to the pressure on victims. Triple extortion combines file encryption, data theft, and DDoS attacks. These were among findings from the NETSCOUT 1H2021 Threat Intelligence Report.

Richard Hummel, threat intelligence lead, NETSCOUT, said: “Cybercriminals are making front-page news launching an unprecedented number of DDoS attacks to take advantage of the pandemic’s remote work shift by undermining vital components of the connectivity supply chain.

“Ransomware gangs added triple-extortion DDoS tactics to their repertoire. Simultaneously, the Fancy Lazarus DDoS extortion campaign kicked into high gear threatening organisations in multiple industries with a focus on ISPs and specifically their authoritative DNS servers.”

LastPass by LogMeIn has released its fourth Psychology of Passwords global report.

It found that while most people (92 per cent) know that using the same password or a variation is a risk, 65 per cent still re-use passwords across accounts, drastically increasing the risks to their sensitive information. While consumers have a solid understanding of proper password security and the actions necessary to minimise risk, they still pick and choose which information they apply that knowledge to, according to the report.

Dan DeMichele, VP of Product Management for LastPass, said: “Our latest report showcases the impact of the COVID-19 pandemic amid the increased time we spent online – which has, in turn, increased our vulnerability to potential hackers.

“As we continue to grow our online presence, we need more robust protection for our online information. One way to combat this is by investing in a password manager which can be used to store your personal and digital information safely. As a business or IT lead, adding an additional layer of security, including multi-factor authentication or single sign-on options, will help to ensure that your employees are the only ones accessing their information.”

To read the full paper, visit

Webroot has released its annual AI and machine learning (ML) report on how IT people perceive and use these technologies in business. While nearly all (95pc) UK IT decision makers use AI/ML, over half (58pc) admit they are unsure what the technology means.

A lack of understanding may be why the UK was the country where enterprises were most likely to cite incorrect tools as the reason they were unable to prevent a cyber attack in the last year. With the UK out of lockdown and more businesses adopting a new ‘hybrid’ way of working, it’s never been more important for employers to leverage AI and ML tools to maintain cyber resilience. And it’s clear from these results that businesses need to do more to ensure staff are properly educated on how to use the cybersecurity tools at their disposal effectively.

Matt Aldridge, Lead Solutions Consultant, Carbonite + Webroot, said: “It’s clear from these findings that there is still a lot of confusion around artificial intelligence and machine learning, especially when it comes to the benefits of the technology.

“But with cyberattacks and other data threats on the rise, coupled with the challenges of managing a remote or hybrid workforce post-pandemic, it’s crucial that businesses improve their understanding of these tools and pair them with backup and disaster recovery solutions. By doing so, they’ll be able to improve security, maintain cyber resilience and ensure service availability.”

IP addresses

IP address abuse comes in many forms, according to an Internet Protocol marketplace. If a company experiences IP address abuse, its reputation could be in serious danger, says Gustavas Davidavicius, Abuse Prevention Team Lead at IPXO.

He says: “One example could be the repercussions of a DDoS attack businesses face. If the IP range that a company uses is listed in ‘Spamhaus’, one of the biggest blocklists on the internet, they wouldn’t be able to send emails outside of their network and the price of the IP range would fall.

“It’s also very important to react fast on the abuse reports – the longer it’s ignored, the bigger chance the IP address will be listed on the block-lists, causing major problems for the businesses. There’s difficulty in it, however, as it’s not easy keeping on top of cyber threats and making sure each one of them is being caught and properly handled.”

Amazon Web Services latest

Starting in October, Amazon says, it will make available to the public the cyber security training materials it has developed to keep its employees and sensitive information safe from cyber attack. For personal documents, proprietary customer information and companies’ technology infrastructure assets, stronger tools are needed to protect data. Qualified AWS account holders can receive an MFA (multi-factor authentication) device at no extra cost. AWS users with access to the AWS Management Console can authenticate themselves by typing in their passwords and then simply touching the MFA security token plugged into their computer’s USB port. The free MFA token adds a layer of security to protect customers’ AWS accounts against phishing.

Steve Schmidt, Chief Information Security Officer of AWS, says: “A fundamental problem when addressing current cybersecurity threats is education, which is why we’re excited to share our Amazon Security Awareness training for free to help organizations and individuals understand how to navigate and fight against security events. And by giving qualified AWS customers access to free MFA tokens, we’ve made it even easier for companies to use this powerful tool to protect their data and important technology assets.”

