As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches.
Here is concise blue team documentation containing tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries.
Covid-19 cases and cyberattacks following a similar curve – Thales
The study by Thales’s Cyber Threat Intelligence team shows that the pattern of malicious cyber activity matches the worldwide spread of Covid-19, with major attacks reported first in Asia, then in Central, Eastern and Western Europe.
In the midst of an unprecedented global health crisis, malicious actors are taking advantage of the situation to attack the information systems of companies, organizations, and individuals.
Hackers are using the pandemic as an opportunity to carry out targeted cyberattacks. Some of the new Android apps that track the propagation of the virus, for example, are infected with malware such as Trojan horses or ransomware.
There has also been an exponential increase in fraudulent or abusive activities online:
- Large numbers of domain names related to Covid-19 have been registered in recent weeks, more than 50% of which are thought to be part of “lure and decoy” operations.
- Large-scale spam campaigns using Covid-19 as a handle are attempting to spread ransomware, steal data or install banking malware.
- E-mail phishing campaigns are trying to get users to connect to fraudulent web pages offering downloads of compromised documents about Covid-19.
- Other e-mail campaigns are asking users to transfer money to sites claiming to be collecting charitable donations or to fake e-commerce sites offering personal protective equipment, for example.
Initially, these attacks of opportunity were being carried out by cybercriminals, but a growing number of state-sponsored groups are now using the subject of Covid-19 to conduct various types of espionage.
Working from home: bigger risks for companies and organizations
The urgent introduction of large-scale teleworking or telecommuting is increasing cyber risks, not least because cyber attackers often try to compromise an organization’s information system by exploiting the following vulnerabilities:
- The use of personal devices for professional purposes (Shadow IT): employees working at home might use equipment or solutions that have not been approved by the company’s IT security specialists and are not under their control. This equipment can be a point of entry to critical data or the enterprise information system.
- Unauthorised installation of applications, software or tools that could be a security risk.
- Use of data storage solutions that offer inadequate security or have been deployed too quickly.
To help meet the IT security requirements of companies, organisations and their employees, Thales is now offering free access to two remote collaboration solutions — the Citadel professional chat and call app and the Cryptobox secure telework solutions — both of which are already widely used by French government agencies and major enterprise customers.
The remote connection to corporate applications and cloud services can also be at risk, especially when employees are working remotely. To help them connect securely, Thales also offers its SafeNet Trusted Access solution.
Risks are significantly higher than usual in these difficult times, so it’s more important than ever to protect your data, your networks and your information systems to avoid creating a cyber-crisis in addition to the health crisis we are already facing.
With the coronavirus constantly in the news, more businesses than ever are considering the viable option of telework as opposed to traditional onsite work for their company and employees. The new cyber threats and data breaches constantly reported indicate that business owners have to ask themselves the question: How do I maintain my cybersecurity when my employees work remotely?
Whether you have one employee working on a mobile device while on a business trip or your entire staff telecommuting from home, your cybersecurity shouldn’t be sacrificed for convenience. By understanding your options and working with quality IT services providers, you can safely navigate the cyber world and keep your business protected.
Cyber Security and Telework
Maintaining your cybersecurity while allowing your employees to work remotely can be a challenge, but it can be accomplished with minimal risk if you plan ahead and choose the right options for your business. If you don’t expect someone to infiltrate your network, you won’t be protected when someone tries. Always prepare for the worst-case scenario.
The report below states the constants that incorporate and facilitate the ability to work from home for security professionals.
In 2015, the United States Congress passed the Cybersecurity Act of 2015 (CSA), and within this
legislation is Section 405(d): Aligning Health Care Industry Security Approaches. As an approach to this
requirement, in 2017 HHS convened the 405(d) Task Group leveraging the Healthcare and Public Health
(HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group is
comprised of a diverse set of over 150 members representing many areas and roles, including
cybersecurity, privacy, healthcare practitioners, Health IT organizations, and other subject matter
The Task Group’s charge was to develop a document that is available to everyone at no cost and
includes a common set of voluntary, consensus-based, and industry-led guidelines, practices,
methodologies, procedures, and processes that serve as a resource to meet three core goals to:
1. Cost-effectively reduce cybersecurity risks for a range of health care organizations;
2. Support voluntary adoption and implementation; and
3. Ensure on an ongoing basis that content is actionable, practical, and relevant to healthcare
stakeholders of every size and resource level.
Progress
The Task Group assembled in May 2017 and since then, many achievements have been
made with this effort. The table highlights current accomplishments made by those involved.
The report below elaborates the current health industry cybersecurity best practices.
The new decade has begun relatively well, with a six-month low of only 61 disclosed cybersecurity incidents.
By comparison, 2019 saw an average of almost 80 data breaches and cyber attacks per month.
It’s not all good news, though. Several major incidents occurred in January, boosting the total number of breached records to a substantial 1,505,372,820.
That includes several worrying incidents involving UK organizations – which are highlighted in bold.
You can find detailed breakdowns of some of the more notable incidents by subscribing to our Round-ups or by visiting our cheatsheet page where we have a dedicated variety of handy cybersecurity cheatsheets.
In the meantime, you can check out the full list here:
- Travelex suspends services after ransomware attack (unknown)
- Richmond County Schools, MI, refuses to pay $10k ransom (unknown)
- Saskatchewan’s eHealth records held hostage by cyber criminals (unknown)
- Bartlett Public Library District, IL, computers disabled by ransomware (unknown)
- Enloe Medical Center rescheduled elective procedures after being shut out of its systems (unknown)
- Anchorage-based bty Dental notifies patients after ransomware attack (2,008)
- Patients at The Center for Facial Restoration receive ransom demand (unknown)
- Dawson’s Creek, British Columbia, hit by ransomware (unknown)
- California’s Panama-Vista School District says ransomware will delay report cards (15,985)
- Colonie, NY, working on backups after cyber criminals lock down computer system (unknown)
- New Jersey synagogue hit by Sodinokibi ransomware (unknown)
- Oman’s largest insurance company shut down by ransomware (unknown)
- Data leak exposes the owners of thousands of anonymous offshore companies (unknown)
- Fresh Film Productions leaks personal data of Dove ‘real people’ ad participants (1,500)
- Insecure database leaks Brits’ passport info online (+2,000)
- Consultancy firms leak data on workers (+2,000)
- UK betting firms given vast access to children’s personal data (28 million)
- University of Ottawa says password-protected laptop was stolen from campus (188)
- IT provider for Fayette Co., OH, loses six months of data in mix-up (unknown)
- Database belonging to people-finder site CheckPeople.com found online (56.25 million)
- Software provider Front Rush exposed server of student’s information (700,000)
- Every day, millions of patients’ health records are spilled onto the Internet (1.19 billion)
- Peekaboo Moments app left baby videos and users’ email address exposed online (800,000)
- Smart city system City Brain exposed its data online – again (unknown)
- A hacker is selling personal data that they claim belongs to San Fran-based LimeLeads (49 million)
- Amazon Web Services bucket containing webcam models’ data leaked online (875,000)
- Investigation underway into privacy breach at City of Corner Brook’s website (unknown)
- Ukraine says personal data leaked from government jobs portal (unknown)
- Hacker leaks database of passwords for home routers and smart devices (515,000)
- Microsoft discloses security breach of customer support system (250 million)
- PIH Health notifies patients of data breach after email gaffe (200,000)
- Iowa Department of Human Services discloses janitorial mishap involving personal data (4,784)
- H&M under investigation amid claims of massive privacy breach (unknown)
Malicious insiders and miscellaneous incidents
In other news…
Source: IT Governance
Throughout the year 2019, we kept an eye on cyber attacks and data breaches reported in mainstream publications, releasing our findings in our monthly blog series.
This allowed us to see how many security incidents were occurring, how many records were involved and which industries were worst affected.
Did you know, for example, that July was the worst month of the year in terms of breached records? Or that the leading cause of data breaches was internal error?
With 2019 in the books, we’ve summarised these and other facts in infographics below.
Source: IT Governance
Cybersecurity certifications can be a great way of fast-tracking your career. The right course can get you that promotion you want. However, they require an investment of both time and money, and you don’t want to waste either of these on the wrong course. This is why it’s worth taking some time to choose carefully.
Are you looking for a definitive list of the best Cyber Security Certifications in 2020? Ranging from the most basic certifications (ITIL foundation, CompTIA A+) up until the most recognized within the cybersecurity industry (CISSP)? Below is a list of over 200 accredited certifications, detailing their tracks and distinct categories for the year 2020.
Read and download HackerOne’s official 2019 Hacker-Powered Security report, focusing on the latest industry-wide cybersecurity tactics and events from the hacker’s perspective.
With hacker-powered security testing, organizations can identify high-value bugs faster with help from the results-driven ethical hacker community.
This Hacker-Powered Security Report 2019 is the most comprehensive report on hacker-powered security, having the largest repository of hacker activity and vulnerability data on display in one comprehensive report.
Inside you will find:
- Year over year bug bounty program growth by industry
- Vulnerabilities by type found across different industries
- Average time to resolution and reward
- Percentage of bounties found by severity level
- Bug bounty payout trends and highest awarded bounties ranked by industry
- Customer success highlights and hacker quotes and motivations
Threats Report – McAfee Labs