Monthly Archives: July 2017

Petya Variant Flaw Attack? No Problem If You Are A Ziften Customer – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO

 

Another outbreak, another nightmare for those who were not prepared. While this newest attack is similar to the earlier WannaCry threat, there are some distinctions in this latest malware which is an alternative or brand-new strain much like Petya. Named, NotPetya by some, this strain has a great deal of issues for anybody who experiences it. It may encrypt your data, or make the system completely inoperable. And now the email address that you would be needed to get in touch with to ‘perhaps’ unencrypt your files, has been removed so you’re out of luck retrieving your files.

Plenty of information to the actions of this danger are openly offered, but I wished to discuss the fact that Ziften consumers are safeguarded from both the EternalBlue threat, which is one system utilized for its proliferation, and even much better still, an inoculation based upon a possible defect or its own type of debug check that removes the hazard from ever performing on your system. It might still spread however in the environment, however our security would currently be rolled out to all existing systems to halt the damage.

Our Ziften extension platform enables our clients to have defense in place against certain vulnerabilities and malicious actions for this threat and others like Petya. Besides the particular actions taken against this particular version, we have actually taken a holistic approach to stop certain strains of malware that carry out various ‘checks’ against the system before performing.

We can likewise utilize our Search ability to try to find remnants of the other proliferation methods utilized by this risk. Reports show WMIC and PsExec being used. We can search for those programs and their command lines and use. Despite the fact that they are legitimate procedures, their usage is typically unusual and can be signaled.

With WannaCry, and now NotPetya, we expect to see a continued increase of these kinds of attacks. With the release of the recent NSA exploits, it has given ambitious hackers the tools required to push out their malware. And though ransomware dangers can be a high product vehicle, more damaging dangers could be released. It has actually always been ‘how’ to obtain the risks to spread (worm-like, or social engineering) which is most challenging to them.

UK Parliament Need To Make Their Email System Secure After Attack – Charles Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver

 

In cyberspace the sheep get shorn, chumps get munched, dupes get deceived, and pawns get pwned. We have actually seen another terrific example of this in the current attack on the UK Parliament e-mail system.

Instead of admitting to an e-mail system that was insecure by design, the official declaration read:

Parliament has strong steps in place to safeguard all our accounts and systems.

Tell us another one. The one protective step we did see at work was blame deflection – it must have been the Russians, that always works, while implicating the victims for their policy infractions. While details of the attack are scarce, combing different sources does assist to assemble a minimum of the gross scenario. If these descriptions are reasonably close, the UK Parliament e-mail system failings are atrocious.

What failed in this scenario?

Count on single factor authentication

“Password security” is an oxymoron – anything password secured alone is insecure, period, no matter the strength of the password. Please, no 2FA here, may restrain attacks.

Do not impose any limitation on failed login efforts

Helped by single factor authentication, this allows easy brute force attacks, no ability required. However when attacked, blame elite foreign hackers – nobody can validate.

Do not carry out brute force attack detection

Allow attackers to conduct (otherwise trivially detectable) brute force violations for prolonged durations (12 hours versus the UK Parliament system), to make the most of account compromise scope.

Do not impose policy, treat it as simply recommendations

Integrated with single element authentication, no limitation on failed logins, and no brute force attack detection, do not enforce any password strength recognition. Supply hackers with really low hanging fruit.

Depend on anonymous, unencrypted e-mail for sensitive communications

If hackers are successful in jeopardizing e-mail accounts or sniffing your network traffic, offer lots of opportunity for them to score high value message material completely in the clear. This likewise conditions constituents to trust easily spoofable e-mail from Parliament, producing an ideal constituent phishing environment.

Lessons learned

In addition to adding “Good sense for Dummies” to their summer reading lists, the United Kingdom Parliament email system administrators may want to take additional actions. Strengthening weak authentication practices, imposing policies, enhancing network and endpoint visibility with continuous monitoring and anomaly detection, and totally reconsidering safe and secure messaging are suggested steps. Penetration testing would have uncovered these fundamental weak points while staying far from media attention.

Even a few intelligent high-schoolers with a totally free weekend might have duplicated this attack. And lastly, stop blaming the Russians for your own security failings. Presume that any weak points in your security architecture and policy framework will be probed and made use of by some hackers somewhere across the international web. All the more incentive to discover and fix those weak points prior to the enemies do, so get started immediately. And then if your defenders do not have visibility to the attacks in progress, upgrade your tracking and analytics.

 

SysSecOps Is The Solution To The IT And Security Gap – Charles Leaver

Written By Charles Leaver Ziften CEO

 

It was nailed by Scott Raynovich. Having actually dealt with numerous organizations he understood that one of the greatest difficulties is that security and operations are two different departments – with drastically varying goals, different tools, and different management structures.

Scott and his analyst firm, Futuriom, just completed a research study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Enterprise”, where one of the essential findings was that clashing IT and security objectives hamper experts – on both groups – from achieving their goals.

That’s precisely what we believe at Ziften, and the term that Scott produced to discuss the convergence of IT and security in this domain – SysSecOps – describes perfectly exactly what we’ve been discussing. Security groups and the IT teams need to get on the very same page. That means sharing the very same goals, and in some cases, sharing the very same tools.

Consider the tools that IT people use. The tools are created to ensure the infrastructure and end devices are working appropriately, when something fails, helps them fix it. On the endpoint side, those tools help make sure that devices that are allowed onto the network, are configured properly, have software applications that are authorized and properly updated/patched, and haven’t recorded any faults.

Consider the tools that security individuals utilize. They work to enforce security policies on devices, infrastructure, and security devices (like firewall programs). This may include active monitoring incidents, scanning for abnormal habits, analyzing files to ensure they do not contain malware, embracing the most recent risk intelligence, matching against recently discovered zero-days, and carrying out analysis on log files.

Discovering fires, fighting fires

Those are two different worlds. The security teams are fire spotters: They can see that something bad is occurring, can work quickly to isolate the problem, and determine if damage occurred (like data exfiltration). The IT groups are on the ground firefighters: They jump into action when an event strikes to make sure that the systems are made safe and brought back into operation.

Sounds good, right? Regrettably, all too often, they don’t speak with each other – it’s like having the fire spotters and fire fighters utilizing dissimilar radios, dissimilar jargon, and dissimilar city maps. Worse, the groups can’t share the same data directly.

Our approach to SysSecOps is to supply both the IT and security teams with the same resources – and that indicates the very same reports, presented in the suitable ways to professionals. It’s not a dumbing down, it’s working smarter.

It’s ridiculous to operate in any other way. Take the WannaCry infection, for example. On one hand, Microsoft issued a patch back in March 2017 that resolved the underlying SMB defect. IT operations groups didn’t set up the patch, because they didn’t think this was a big deal and didn’t speak with security. Security groups didn’t know if the patch was set up, due to the fact that they do not speak to operations. SysSecOps would have had everyone on the same page – and might have potentially prevented this issue.

Missing data means waste and danger

The inefficient space in between IT operations and security exposes companies to risk. Preventable danger. Unneeded threats. It’s simply unacceptable!

If your company’s IT and security teams aren’t on the same page, you are incurring threats and expenses that you shouldn’t need to. It’s waste. Organizational waste. It’s wasteful since you have a lot of tools that are offering partial data that have spaces, and each of your teams only sees part of the picture.

As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently shown its worth in helping organizations evaluate, analyze, and avoid significant dangers to the IT systems and endpoints. If these objectives are pursued, the security and management threats to an IT system can be considerably decreased.”

If your groups are working together in a SysSecOps sort of method, if they can see the exact same data at the same time, you not just have much better security and more efficient operations – however also lower threat and lower costs. Our Zenith software application can help you attain that performance, not only dealing with your existing IT and security tools, however also completing the spaces to make sure everyone has the right data at the correct time.