Security
Article by ATI partner Dan Kaplan of Trustwave

 

Cybercriminals aren’t going to exert more effort than they have to. For all the talk of the sophisticated investment required to discover and exploit vulnerabilities to obtain a foothold into a targeted environment, email remains a perfectly welcoming – and far more time- and cost-effective – medium.

The payoff is simply too good for cybercriminals. Of course, that doesn’t mean attackers aren’t shifting tactics or developing innovative ways to take advantage of this low-hanging fruit and stay one step ahead of the defenders.

As always, knowledge is power when it comes to combatting the latest cyberthreats. Here is what Trustwave SpiderLabs incident investigators are seeing in the world of email.

 

1) Sextortion Messages

There is a rise in email-based blackmail, in which malicious senders attempt to trick users into believing that an attacker has obtained embarrassing information about them visiting pornographic websites and has collected pictures and audio from a hacked webcam. The sender threatens to release the allegedly compromising content to everyone in the victim’s contact/friend list, or to upload it to their social media profile, unless a payment is made (usually in cryptocurrency). For additional reading on this particularly terrifying threat, our Fahim Abbasi produced two blog posts.

2) IoT Botnets Delivering Spam

A collection of compromised IoT devices can form a formidable botnet (as was evident when Mirai arrived on the scene in late 2016), and the susceptibility and sheer growth of connected smart devices is providing a conducive pathway for more to emerge. Most of the action we have observed has come from home routers that were never properly patched, as these devices rarely receive any kind of support after their release. Many of 2018’s biggest botnets used 5- or even 8-year-old vulnerabilities in router/modem firmware. These include Pitou, Type52 and Xinbot.

3) A New Host Nation

Brazil has risen as a new source of phishing and banking attacks. Campaigns from this country were mainly targeting Latin American financial institutions, but customers from other regions, predominantly North America and EMEA, were affected as well.

4) File Extensions

As more users are trained to recognize tell-tale signs of phishing and spam, such as misspellings, grammatical errors and language issues, well-crafted messages greatly increase attack success rates. So does the use of popular file types, a common way for malicious actors to mimic third-party communication and avoid detection by traditional email security. Most attachments used in malicious email continue to be file formats related to message visual aspects (.gif, .js) and MS Office documents (.xls and .doc) with malicious macros.

5) Emotet

This banking Trojan obtains financial information by injecting computer code into the networking stack of an infected computer, allowing sensitive data to be stolen via transmission. Emotet is often concealed in documents delivered through emails that pretend to be from financial institutions. The emails came with a Word document embedded with malicious macro code. Once executed, the code downloads and runs Emotet. The malware is not the final payload, though, as it acts as a downloader for additional malicious code.

6) Supply Chains

Attackers are increasingly using the supply chain in their email evil-doing, utilizing legitimate business partners – which are the victim of an initial attack – to distribute phishing/spam emails from compromised legitimate addresses. Most of these third-party companies are unaware that they are spreading malware to all their business contacts. This approach increases ingress success rates for attackers by adding a “trusted” source of communication.
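
Items 4 and 5 above describe script attachments and macro-bearing Office documents arriving by email. As an added example (not from the original article or from Trustwave), the Python below shows how a mail-gateway check might triage attachments by their content rather than by file name alone; the function names, verdict strings and sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = {".js"}                           # script type named in the article
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container header

def classify(filename, data):
    """Return a verdict string (hypothetical labels) for one attachment."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in SCRIPT_EXTS:
        return "block: script attachment"
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files can carry VBA; the stdlib cannot parse
        # them, so hand them to a sandbox or macro scanner instead of delivering.
        return "quarantine: legacy Office file, macro-capable"
    if data.startswith(b"PK"):                  # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "block: Office document with VBA macros"
        except zipfile.BadZipFile:
            return "quarantine: malformed archive"
    return "allow"

def scan_message(raw):
    """Map each attachment name in a raw RFC 5322 message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"):
            classify(p.get_filename() or "", p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed test message; the 'macro' part is a one-byte placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name, data in [("invoice.docm", buf.getvalue()),
                       ("statement.doc", OLE_MAGIC + b"\x00" * 16),
                       ("view.js", b"// constructed"), ("logo.gif", b"GIF89a")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{name:15} {verdict}")
```

Because the macro check looks inside the archive, a macro-enabled document renamed to .docx is still caught.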




Network Services

Software Defined Secure Branch is a purpose built solution designed for businesses and organizations with complex multi-location IT management needs and the desire for more visibility, security protection, and control of their network. Once in place, it helps keep the network secure and accessible through a combination of simplified management, the intuitive software defined wide area network (SD-WAN) solution, and security.

Branch or remote office network architectures have barely changed for 15+ years. The digital enterprises of today need a network landscape that is built for the demands of the workloads of today – a network that is agile, intelligent, secure and reduces operational complexity while being cost-effective.  By 2021, 10% of midsize and large enterprises will have transitioned from piloting (during 2017) to using on-demand SDN-enabled services (Gartner, 2018 SAM Market Opportunity Forecast Readout – Network).

“Software Defined Secure Branch lets our customers focus on their business or organization as first priority, leaving the IT to us,” said Victoria Lonker, Verizon’s vice president of global products and solutions. “The simple, intuitive experience delivers rapid provisioning of new branch locations, a mobile management app, service health, application visibility and the security controls needed to protect the business.”

Verizon’s Software Defined Secure Branch, offered with Versa Networks, provides:

  • Video and cloud-based service performance leveraging SD-WAN to automatically adapt the network to help improve application performance.
  • Business continuity benefits through enterprise-grade connectivity and Verizon’s robust 4G LTE network for active backup.
  • Bundled security through Verizon’s comprehensive threat management and end-to-end network encryption.
  • An application-centric network on Verizon’s sophisticated and managed infrastructure driving an enhanced user experience.
  • Intuitive mobile app-based service management and continuous monitoring capabilities for the service.
  • The service is easily accessible through the Verizon Enterprise Center online user experience portal that unifies the purchase, deployment, and management. The visibility provided through the portal gives business owners the tools needed to deliver on a better customer experience.

“SD-WAN is a powerful and complex solution with many moving parts. Verizon’s offer is a simple yet flexible way for businesses and partners to get technology at the level of features they need, and expand into new features as they need them,” said Brian Washburn, Practice Leader, Network Transformation and Cloud, Ovum.

Adopting Verizon’s Software Defined Secure Branch gives organizations a network landscape that is built for the digital enterprises of today. It maintains application performance and delivery, provides flexibility to easily integrate and scale the right security functions alongside advanced networking capabilities, and offers agility and better cost management.


Network Services

The availability of fiber has exploded in the past year or so, a result of massive efforts and capital investments by all the major telecom and cable companies in a bid to replace their current network assets, which are costly to maintain and rapidly becoming outdated.

Incumbent local exchange carriers (ILECs) have been taking a beating by local cable companies offering inexpensive big-bandwidth cable solutions. As a result, these carriers, with their older and more unreliable copper network assets, are often hard-pressed to deliver comparable connectivity speeds and have decided to fight back with fiber, often waiving the large up-front construction fees that have previously made the investment in fiber cost-prohibitive.

ILECs have also established Network Peering Relationships that enable them to participate in the increasingly competitive marketplace across the country. In other words, rather than only one option for fiber in your neighborhood, there could be multiple providers able to offer the same services, thus making pricing more competitive. 

Here, we’ve compiled six reasons to discuss the switch from coax to fiber with your team, and what types of businesses can benefit from this change now.

1. Speed

Sandisk research indicates that slow internet connections cost employees one week per year in productivity. Think about that. While delays due to slow internet may seem negligible, over time, they add up. An organization shouldn’t notice Internet slow-downs during periods of high demand; similarly, Internet connections should never inhibit productivity.  

Fiber-optic Internet is exponentially faster than even the highest-speed coax connection, with options ranging from 5 Mbps to 100 Gbps.

2. Reliability

Fiber Internet connectivity is stronger than copper coax and therefore has significant advantages in reliability, such as negligible vulnerability to inclement weather conditions. With coax, however, weather can damage or stall data transmissions via copper cabling. Additionally, unless the fibers are physically cut, fiber is resistant to human or electrical interference, and fiber Internet signals do not degrade or disappear due to electromagnetic interference.

Indisputably, unreliable Internet connections can have real costs to businesses. If a business requires a reliable Internet connection to make phone calls or access applications, reliability is an absolute necessity. For any business, really, unplanned downtime can bring operations to a screeching halt, impacting productivity and potentially revenue.

3. Bandwidth

Although fiber-optic Internet for business isn’t truly unlimited, the bandwidth availability is substantially higher than cable Internet bandwidth where it’s fairly easy to “hit the cap” on your monthly bandwidth allotment, particularly for businesses with a high need for data transmissions.

If your users habitually perform any of the following activities, a considerable amount of demand is repeatedly being placed on the company’s bandwidth:

  • File sharing
  • Web conferencing
  • Streaming HD video
  • Accessing cloud applications
  • SIP trunking


Look out for the warning signs of low bandwidth availability: delays, slow speeds and pixelated video quality. If a company’s current Internet connection just isn’t cutting the mustard, it could benefit significantly from an upgrade to a fiber-optic Internet connection.

4. Latency

The delays that occur while processing data over an Internet connection are considered latency. Users can experience many delays on cable Internet, most notably when uploading or downloading video or high-definition content. Though they may not be streaming House of Cards on Netflix in their office, latency impacts a business in a variety of ways. Decreasing latency can benefit your business by:

  • Improving collaboration between employees
  • Letting users upload and download large files without disruption or delays
  • Allowing more applications to move to the cloud
  • Improving voice quality for VoIP users


5. Security

The average cost to a business from an information security breach is $3.8 million, and companies who have protected information leaked can face stiff financial penalties and customer defection.

Unfortunately, it’s fairly easy for hackers and other nefarious cyber-criminals to gain access to sensitive information with cable Internet as a result of cable tapping or other fairly simple techniques. On the other hand, the only way to infiltrate a fiber-optic Internet is to physically cut the wires, causing the signal to vanish; therefore, a fiber Internet connection is one of the single most powerful ways to increase a company’s protection against cyber-crime.

Although the media might focus on breaches of high-profile enterprise corporations, companies of all sizes are vulnerable to attack. Numerous SMBs lack the money and resources to invest heavily in security, and many also have an “it can’t happen to me” type of mentality. The truth is quite the opposite, though. In reality, the likelihood of an SMB experiencing a cyber-attack or data breach is over 50% (Ponemon Institute, 2017).


While upgrading to fiber Internet connectivity won’t prevent all risks, it can certainly be an initial step in protecting against them. Like a suit of armor, the knight may still get struck with his opponent’s sword, but he’s far less likely to be hit in a vital organ.

6. Cost-Efficiency

As previously mentioned, ILECs are taking strides to make the transition to fiber more affordable with Network Peering Relationships as well as a willingness to, in some cases, absorb the initial construction costs, which could save thousands of dollars in up-front capital expenditure.

While still more expensive than coax, fast Internet is frequently thought of as a “productivity tool” for business—and a necessary one at that. Loss of productivity can multiply across an organization: the number of employees that a slow Internet connection impacts relative to an average of a week’s lost wages for each of them over the course of a year…suddenly an investment in fiber sounds more affordable.

Additionally, businesses can gain flexibility and scalability with fiber. As an ever-increasing number of business functions are being moved to the cloud, a fiber connection can better serve these initiatives, saving time and money.

Understanding what pain points fiber Internet can address as well as the numerous benefits that can be had is key to knowing if you are ready to make a move to fiber. 


Security

 

Why Red Teaming isn’t Pen Testing

Red Teaming has become a buzzword in the security industry of late and is often mistaken for penetration testing. But how does a Red Teaming engagement actually differ from pen testing?

In this webinar, Ed Williams, Director of SpiderLabs at Trustwave for Europe, Middle East and Africa, will offer key tips to help you manage the complexity of today’s advanced threat landscape and understand some of the real benefits of Red Team engagements for your organisation. 

Tune in to learn: 


• What Trustwave SpiderLabs Red Teaming is all about and what makes it unique 
• How Red Teaming is different than pen testing 
• Key benefits of a Red Team engagement for your organization


Network Services
It seems as if no business is safe from falling victim to a data breach anymore. Target, Apple, Ashley Madison and a host of others have found themselves at the mercy of hackers looking to steal, sell and compromise confidential information and data. And it isn’t just big companies either: a recent study reported that 55% of local businesses in the United States have experienced some form of security breach. Unfortunately, this is happening because businesses are not taking the proper security precautions to prevent unauthorized access to information. So how do you take precautions in case a data breach occurs at your company? Consider these tips:

Preparation #1: Evaluate Your Insurance Coverage

Taking a look at your insurance policies may uncover a highly beneficial coverage commonly referred to as cyber liability. You will want to know and understand the level of coverage you currently have and what it will cover in the event of a breach. If you don’t have this coverage within your business insurance, call your carrier to add it.

Preparation #2: Create a Data Breach Response Plan

After an attack, the organization may need to respond to a massive number of inquiries, questions and phone calls from customers and impacted users. You must have a documented plan in place to address this as quickly as possible following the breach. Additionally, you may have to address the media, so create a response plan that outlines who will be authorized to speak on behalf of the company as well as what type of response is appropriate.

Preparation #3: Develop a Restitution Plan

After an attack, many companies are now providing credit monitoring services to those who were impacted by the breach. Additionally, you may want to familiarize yourself with an outside firm with experience in helping companies rebuild after a security breach.

Preparation #4: Conduct Security Trainings

If possible, hold special training sessions designed to help your employees understand the policies and procedures being put in place to safeguard the business. Teach the importance of proper password protection, cloud security processes, mobile policies and any other security-related items they should be honoring on a daily basis.

In today’s technical landscape, it is important for all businesses, both large and small, to acknowledge and prepare for the possibility of a data breach. Without the proper precautions in place, a business can suffer tremendous financial losses. Additionally, the overall credibility of your business may come into question. And although taking these precautions doesn’t safeguard you from an attack, they will help you to react quickly and appropriately if you experience one.