Written By Josh Harriman And Presented By Charles Leaver Ziften CEO
Another outbreak, another headache for those who were not prepared. While this latest attack resembles the earlier WannaCry threat, there are differences in this malware, which is a variant or new strain of Petya. Named NotPetya by some, this strain causes plenty of problems for anyone who encounters it. It may encrypt your data, or make the system totally unusable. And the e-mail address you would have to contact to ‘maybe’ decrypt your files has now been taken down, so you are out of luck getting your files back.
Plenty of information on this threat’s behaviour is publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism it uses to propagate, and, better still, by an inoculation based on a likely flaw, or its own form of debug check, that stops the threat from ever running on your system. It may still spread within the environment, but our protection would already be rolled out to all existing systems to halt the damage.
Our Ziften extension platform lets our customers put protections in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various ‘checks’ against the system before executing.
We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can look for those programs, their command lines and how they were used. Even though they are legitimate processes, their use is generally unusual and can be alerted on.
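The hunt described above, as an added example that is not Ziften’s code or its Search query syntax: a small classifier run over a few constructed process events, rating WMIC and PsExec launches that name a remote host highest and local inventory use lowest. The event shape, field names and the sample command lines are assumptions.

```python
import ntpath
import re

# Constructed sample process events (not real telemetry), shaped like what an
# endpoint agent records: host, parent image, image path and full command line.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"host": "ws01", "parent": "rundll32.exe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic.exe /node:"10.0.0.7" /user:"corp\svc" process call create "C:\EXAMPLE\stage.exe"'},
    {"host": "ws02", "parent": "cmd.exe", "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"PsExec.exe \\ws03 -accepteula -d C:\EXAMPLE\stage.exe"},
    {"host": "ws04", "parent": "cmd.exe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe os get caption"},  # local inventory query, low priority
]

WATCHED = {"wmic.exe", "psexec.exe"}
WMIC_NODE = re.compile(r'/node:"?([^\s"]+)"?', re.IGNORECASE)   # wmic /node:<host>
PSEXEC_TARGET = re.compile(r"(?:^|\s)\\\\([^\s\\]+)")            # psexec \\<host>
LOCAL = {"localhost", ".", "127.0.0.1"}


def remote_target(name, cmdline):
    """Return the remote host named on the command line, or None if it is local."""
    pattern = WMIC_NODE if name == "wmic.exe" else PSEXEC_TARGET
    m = pattern.search(cmdline)
    if not m or m.group(1).lower() in LOCAL:
        return None
    return m.group(1)


def classify(event):
    """Return (severity, reason) for one event, or None when the image is not watched."""
    name = ntpath.basename(event["image"]).lower()
    if name not in WATCHED:
        return None
    target = remote_target(name, event["cmdline"])
    if target:
        return "high", f"{name} on {event['host']} targeting remote host {target}"
    if name == "wmic.exe" and "process call create" in event["cmdline"].lower():
        return "high", f"{name} on {event['host']} spawning a process"
    return "low", f"{name} used locally on {event['host']} (parent {event['parent']})"


def hunt(events):
    """Return the alerts that fire across a batch of process events."""
    return [v for v in map(classify, events) if v]


if __name__ == "__main__":
    for severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

A renamed PsExec binary would slip past the image-name check, so in practice pair this with the command-line pattern and the parent process as well.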
With WannaCry, and now NotPetya, we expect to see a continued rise in these kinds of attacks. The release of the recent NSA exploits has given ambitious cyber criminals the tools they need to push out their products. And though ransomware can be a lucrative commodity vehicle, more damaging threats could be launched. It has always been ‘how’ to get the threat to spread (worm-like, or by social engineering) that is hardest for them.
Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver
In the online world the sheep get shorn, chumps get chewed, dupes get duped, and pawns get pwned. We have seen another fine example of this in the recent attack on the United Kingdom Parliament email system.
Rather than admit to an e-mail system that was not secure by design, the official statement read:
Parliament has strong procedures in place to secure all our accounts and systems.
Yeah, right. The one protective measure we did see in action was blame deflection – the Russians did it, that always works – while blaming the victims for their policy violations. While details of the attack are limited, combing various sources does help piece together at least the gross scenario. If these accounts are reasonably accurate, the UK Parliament email system failings are atrocious.
What went wrong in this scenario?
Rely on single-factor authentication
“Password security” is an oxymoron – anything protected by a password alone is insecure, period, irrespective of the strength of the password. Please, no 2FA here, it might hinder attacks.
Do not impose any limit on unsuccessful login attempts
Facilitated by single-factor authentication, this enables basic brute force attacks, no skill required. But when breached, blame elite state-sponsored hackers – nobody can verify.
Do not perform brute force attack detection
Allow attackers to carry out (otherwise trivially detectable) brute force attacks for extended periods (12 hours against the United Kingdom Parliament system), maximizing the scope of account compromise.
Do not enforce policy, treat it as merely advisory
Combined with single-factor authentication, no limit on failed logins, and no brute force attack detection, do not impose any password strength validation. Supply attackers with very low hanging fruit.
Rely on anonymous, unencrypted email for sensitive communications
If attackers do succeed in compromising email accounts or sniffing your network traffic, give them ample opportunity to harvest high-value message content entirely unobstructed. This also conditions constituents to trust easily spoofable e-mail from Parliament, creating a perfect constituent phishing environment.
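As an added example, not part of the original post: the failed-login limit and brute force detection that the second and third failings above call for, replayed over a constructed authentication log. One source fails against several accounts (password spraying) while a legitimate user mistypes once; the log format, thresholds and sample entries are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real system): time, source IP,
# account, result. 203.0.113.9 hammers several accounts; 198.51.100.4 is a typo.
SAMPLE_LOG = """\
2017-06-23T22:00:01 203.0.113.9 a.member FAIL
2017-06-23T22:00:02 203.0.113.9 a.member FAIL
2017-06-23T22:00:03 203.0.113.9 a.member FAIL
2017-06-23T22:00:04 203.0.113.9 a.member OK
2017-06-23T22:00:05 203.0.113.9 b.member FAIL
2017-06-23T22:00:06 203.0.113.9 b.member FAIL
2017-06-23T22:00:07 203.0.113.9 c.member FAIL
2017-06-23T22:00:09 198.51.100.4 d.member FAIL
2017-06-23T22:00:15 198.51.100.4 d.member OK
"""

MAX_FAILURES = 3               # failures per account inside WINDOW before lockout
WINDOW = timedelta(minutes=15)
SPRAY_ACCOUNTS = 3             # distinct accounts failed from one source -> alert


def parse(log):
    """Yield (timestamp, source, account, succeeded) per log line."""
    for line in log.splitlines():
        ts, src, acct, result = line.split()
        yield datetime.fromisoformat(ts), src, acct, result == "OK"


def replay(log):
    """Apply a lockout policy and flag sources spraying many accounts.
    Returns (locked_accounts, suspicious_sources, rejected_successes): the last
    are logins the backend accepted after the account should have been locked."""
    recent = defaultdict(list)        # account -> timestamps of recent failures
    failed_by_src = defaultdict(set)  # source -> accounts it failed against
    locked, rejected = set(), []
    for ts, src, acct, ok in parse(log):
        recent[acct] = [t for t in recent[acct] if ts - t <= WINDOW]
        if acct in locked:            # locked: even a correct password is refused
            if ok:
                rejected.append((src, acct))
            continue
        if ok:
            recent[acct].clear()
            continue
        recent[acct].append(ts)
        failed_by_src[src].add(acct)
        if len(recent[acct]) >= MAX_FAILURES:
            locked.add(acct)
    suspicious = {s for s, accts in failed_by_src.items() if len(accts) >= SPRAY_ACCOUNTS}
    return locked, suspicious, rejected
```

Per-account lockout alone misses a slow spray that stays under the threshold on every account, which is why the per-source view is kept alongside it.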
In addition to adding “Common Sense for Dummies” to their summer reading lists, the UK Parliament e-mail system administrators may want to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely reassessing secure messaging are all recommended. Penetration testing would have revealed these foundational weaknesses while staying far from media attention.
Even a few sharp high schoolers with a free weekend could have replicated this breach. And lastly, stop blaming Russia for your own security failings. Assume that any weaknesses in your security architecture and policy framework will be probed and exploited by some cyber criminals somewhere across the global internet. All the more incentive to find and fix those weaknesses before the attackers do, so get started immediately. Then, if your defenders still cannot see attacks in progress, upgrade your monitoring and analytics.
Written By Charles Leaver Ziften CEO
Scott Raynovich nailed it. Having worked with numerous companies, he recognized that one of the biggest challenges is that security and operations are two different departments – with drastically different goals, different tools, and different management structures.
Scott and his analyst firm, Futuriom, recently completed a research study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Business”, where one of the key findings was that conflicting IT and security objectives hamper professionals – on both teams – from achieving their goals.
That is exactly what we believe at Ziften, and the term Scott coined for the convergence of IT and security in this domain – SysSecOps – describes perfectly what we have been talking about. Security teams and IT teams need to get on the same page. That means sharing the same goals, and in some cases, sharing the same tools.
Consider the tools that IT people use. Those tools are designed to ensure the infrastructure and end devices are working properly and, when something fails, to help them repair it. On the endpoint side, those tools help make sure that devices allowed onto the network are configured properly, have software that is authorized and properly updated/patched, and have not registered any faults.
Think about the tools that security folks use. They work to enforce security policies on devices, infrastructure, and security apparatus (like firewalls). This might include actively tracking events, scanning for abnormal behaviour, examining files to ensure they don’t contain malware, adopting the latest threat intelligence, matching against recently discovered zero-days, and performing analysis on log files.
Finding fires, fighting fires
Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, can work quickly to isolate the problem, and can figure out whether damage occurred (like data exfiltration). The IT teams are the firefighters on the ground: they jump into action when an incident strikes to ensure that the systems are secured and brought back into operation.
Sounds great, doesn’t it? Unfortunately, all too often, they do not talk to each other – it is like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the teams can’t share the same data directly.
Our approach to SysSecOps is to provide both the IT and security teams with the same resources – and that means the same reports, presented in the way appropriate to each kind of expert. It’s not dumbing down, it’s working smarter.
It is ludicrous to operate any other way. Take the WannaCry infection, for instance. On one hand, Microsoft released a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t think it was a big deal and didn’t talk with security. Security teams didn’t know whether the patch was installed, because they don’t talk with operations. SysSecOps would have had everyone on the same page – and might well have prevented this problem.
Missing data means waste and risk
The inefficient gap between IT operations and security exposes organizations to risk. Preventable risk. Unnecessary risk. It’s simply unacceptable!
If your organization’s IT and security teams aren’t on the same page, you are incurring risks and costs that you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have many tools providing partial data with gaps, and each of your teams sees only part of the picture.
As Scott concluded in his report, “Collaborated SysSecOps visibility has actually already proven its worth in assisting companies examine, analyze, and avoid considerable threats to the IT systems and endpoints. If these goals are pursued, the security and management risks to an IT system can be considerably diminished.”
If your teams are collaborating in a SysSecOps way, if they can see the same data at the same time, you not only get better security and more effective operations – but also lower risk and lower costs. Our Zenith software can help you achieve that, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.