Showing posts with label Business Security.

Role of Continuous Threat Exposure Management in Business Security

 

Continuous threat exposure management (CTEM) is a framework for proactively managing and mitigating threat exposure. It uses an iterative approach that emphasises developing structured organisational procedures as well as leveraging security tools.

In this article, we'll go over CTEM, its key elements, and a five-step implementation plan for lowering risk exposure, improving prioritisation, and leading to better vulnerability and exposure management. 

Understanding continuous threat exposure management

In traditional vulnerability management, security teams work in relative silos, focussing less on the "why" and "how" of what is uncovered during vulnerability assessments. In contrast, CTEM is a proactive approach that helps organisations:

  • Determine the most valuable assets for the organisation.
  • Identify the assets in scope and the different forms of exposures to these assets.
  • Validate the actual exploitability of identified exposures and the effectiveness of pre-defined organisational responses. 
  • Encourage the organisation to take the proper action. Track and improve the program through iteration.

CTEM uses an iterative strategy to continuously improve the organization's security posture. By taking this approach, organisations can create an actionable security plan that management can understand, business units can support, and technical teams can utilise as a reference. 

The 5 steps in the CTEM cycle 

1. Identify the initial scope

Most organisations struggle to keep up with the digital velocity of asset surface growth. In this step, the organisation must identify which types of assets are most important. When launching a CTEM program, organisations should consider the following as their initial scope:

External attack surface: This refers to an organization's internet-facing assets, which an attacker could target to acquire access.

SaaS security posture: Due to the increase in remote work, many organisations receive and transfer business data to third-party APIs and externally hosted applications. 

2. Discover assets and assess threats 

Discovery entails locating specific assets within the category established in the previous scoping step and evaluating them for potential risks. In addition to Common Vulnerabilities and Exposures (CVEs), the exposures should include misconfigurations and other weaknesses. Finding assets based on a precise business risk scope is significantly more valuable than a broad discovery that turns up a lot of vulnerabilities and assets.

3. Prioritize threats

Prioritisation involves assessing the importance of identified issues. This stage is critical for cutting through the noise of numerous security vulnerabilities and focussing on the most important concerns. Beyond CVEs, organisations should examine exploit prevalence and characteristics unique to their organisation, such as available controls, mitigation alternatives, business criticality, and risk tolerance. 

4. Validate exploitability and security response 

The validation process uses tools such as attack path simulations, breach and attack simulations, and other controlled simulations to assess the exploitability of prioritised exposures and their impact on key systems. It confirms whether vulnerabilities may be exploited and whether the present defence strategy will address them. This method entails conducting simulated attacks and ensuring that reaction plans are activated correctly. 

5. Mobilize remediation teams

Through the simplification of approvals, implementation procedures, and mitigation deployments, the "mobilisation" effort seeks to assist teams in responding to CTEM results. Teams outside of the security team are frequently responsible for remediation; there are numerous approaches to problem solving, and each one may have a distinct effect on the business.

Beyond the initial tooling, automation is crucial to developing a systematic and well-coordinated remediation procedure. By reducing delays in implementation and operational procedures, this mobilisation phase guarantees prompt response times.

Benefits of implementing CTEM 

Reduced risk exposure: Employing continuous monitoring to identify threats before they can impact business operations helps mitigate risk exposure. 

Improved prioritization: CTEM helps organizations understand the severity of each threat so they can determine which ones require urgent attention and resources. 

Proactive security posture: The proactive approach of CTEM is seen particularly in the scoping and discovery steps, which work continuously to address emerging threats.

Three Ways To Prevent Insider Threat Driven Data Leaks

 

The United States is poised to undergo a period of highly disruptive transformation. The incoming administration has promised to make significant changes, including forming a new body, the Department of Governmental Efficiency (DOGE), with the aim of substantially reducing the size of the government. 

Many people in our hugely polarised society are unhappy with the upcoming changes. Some will even refuse to "go down without a fight" and attempt to sabotage the shift or the new administration's prospects for success. How? One popular disruption method is to leak bits and pieces of insider information in order to distract, provoke opposition, and ultimately stall the changes.

While insider leaks can occur at any organisation and at any moment, a controversial move can be a major driver for such threats. We don't need to look far back for examples of this. After Donald Trump was elected to his first term, someone explicitly got a job as an IRS contractor so that he could leak the tax returns of key leaders, including President Trump. There was also information disclosed concerning a Trump cabinet pick. 

It's possible that this behaviour will worsen significantly. Agencies and organisations can take proactive measures to prepare for this. 

Launch an insider threat program: Nearly 80% of organisations have noticed an increase in insider threat activity since 2019, and just 30% believe they have the ability to deal with the situation. While external threats are frequently addressed, according to IBM's Cost of a Data Breach report, breaches by people within an organisation were the most costly, averaging just shy of $5 million.

Having a formal security strategy in place can safeguard sensitive data, maintain operational integrity, and ensure that your organization's communication links remain open and secure. Start by assessing your risk, establishing guidelines for data sharing and management, and installing technologies to monitor user activity, detect irregularities, and notify security teams of potential risks. 

Individualize information: Organisations can also explore using steganographic technologies to personalise the information they send to their employees. Forensic watermarking technology allows sensitive information to be shared in such a way that each employee receives a completely unique copy, with differences that are undetectable to the human eye. With this technology in place, employees are more likely to think twice before passing on a secret presentation on future strategy. If a leak still occurs, the organisation can easily identify the source.

Avoid sharing files: The world must shift away from using files to share personal information. At first glance, it may appear impossible, yet changing the way organisations share information might help them preserve their most valuable information. File sharing is more than a risk factor; it is also a threat vector, as files are the source of the majority of data exfiltration risks. As a result, eliminating them would naturally eliminate the threat. What are the alternatives? Using SaaS applications in which no one can download anything. This strategy also helps to safeguard against external attacks.
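To make the per-recipient watermarking idea concrete, here is an added example (not code from the post or any product it mentions) that hides a recipient ID in text using zero-width characters, then recovers it from a leaked excerpt. The salt, recipient list and memo text are constructed for the demo.

```python
"""Per-recipient forensic text watermarking with zero-width characters.

Added example, not code from the post: every recipient gets a copy that reads
identically but carries an invisible recipient ID after each word space, so a
leaked copy, even a short excerpt, can be traced back to the person it was sent to.
"""
import hashlib
from collections import Counter
from typing import List, Optional

ZERO = "\u200b"          # zero-width space      -> bit 0
ONE = "\u200c"           # zero-width non-joiner -> bit 1
MARKERS = {ZERO, ONE}
ID_BITS = 16             # width of the embedded recipient ID


def recipient_id(email: str, salt: bytes) -> int:
    """Derive a stable 16-bit ID from the address and a secret salt (constructed scheme)."""
    digest = hashlib.sha256(salt + email.strip().lower().encode()).digest()
    return int.from_bytes(digest[:2], "big")


def _encode(rid: int) -> str:
    return "".join(ONE if (rid >> (ID_BITS - 1 - i)) & 1 else ZERO for i in range(ID_BITS))


def watermark(text: str, rid: int) -> str:
    """Insert the full ID after every space; the redundancy survives partial leaks."""
    return text.replace(" ", " " + _encode(rid))


def strip_marks(text: str) -> str:
    """What a reader sees (and what a copy with the marks stripped looks like)."""
    return "".join(ch for ch in text if ch not in MARKERS)


def recover(leaked: str) -> Optional[int]:
    """Recover the ID by majority vote over every complete marker run in the leak."""
    votes: Counter = Counter()
    run: List[str] = []
    for ch in leaked + " ":          # trailing space flushes the last run
        if ch in MARKERS:
            run.append(ch)
            continue
        if len(run) == ID_BITS:      # runs truncated at a cut edge are ignored
            votes[int("".join("1" if c == ONE else "0" for c in run), 2)] += 1
        run = []
    return votes.most_common(1)[0][0] if votes else None


def trace(leaked: str, recipients: List[str], salt: bytes) -> List[str]:
    """Map a recovered ID back to recipients; 16-bit IDs can collide, hence a list."""
    rid = recover(leaked)
    if rid is None:
        return []
    return [r for r in recipients if recipient_id(r, salt) == rid]


# Constructed demo data.
SALT = b"constructed-demo-salt-keep-secret"
RECIPIENTS = ["alice@example.invalid", "bob@example.invalid", "carol@example.invalid"]
MEMO = "Project Falcon strategy: consolidate vendors in Q3 and cut regional spend."

if __name__ == "__main__":
    copies = {r: watermark(MEMO, recipient_id(r, SALT)) for r in RECIPIENTS}
    leak = copies["bob@example.invalid"]
    excerpt = leak[leak.index("consolidate"):leak.index("regional")]  # partial leak
    print("visible text:", strip_marks(excerpt))
    print("traced to   :", trace(excerpt, RECIPIENTS, SALT))
```

Text with no spaces carries no mark, and an adversary who strips zero-width characters defeats this simple scheme, which is why production forensic watermarking uses more robust carriers.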

Public Holidays And Weekends Make Companies More Vulnerable to Cyberattacks

 


Cyberattacks Surge During Holidays and Weekends: Semperis Report

Companies are particularly susceptible to cyberattacks during public holidays and weekends due to reduced security manpower. A recent report on ransomware assaults, published by Semperis, a provider of identity-based cyber resilience, confirms this vulnerability.

The study revealed that an average of 86% of organizations assessed across the United States, United Kingdom, France, and Germany were targeted during public holidays or weekends. The findings also indicate that 75% of businesses reduced their security workforce by up to 50% during these periods, leaving critical systems exposed.

Targeted Attacks During Key Business Events

Half of the respondents who experienced cyberattacks reported being targeted during major business events such as mergers or acquisitions. For instance, after UnitedHealth acquired Change Healthcare, cybercriminals exploited a security flaw in remote access systems to breach the company’s infrastructure.

The report highlighted that 90% of ransomware attacks compromised a firm’s identity service, such as Microsoft Active Directory (AD) or Entra ID, as these are widely used and vulnerable. Additionally:

  • 35% of businesses reported insufficient funds to safeguard against cyberattacks.
  • 61% of organizations lacked adequate backup solutions for their identity services.

While 81% of respondents stated they possess the knowledge to defend against identity-related threats, 83% admitted to experiencing a successful ransomware assault within the past year. This disconnect underscores the need for better implementation of security measures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly emphasized the need for vigilance during weekends and public holidays. Notably, the ransomware group Clop exploited a long weekend to take advantage of a vulnerability in the MOVEit data exchange software. This attack affected over 130 companies in Germany, leading to significant data breaches and blackmail attempts.

Solutions to Mitigate Risks

To address these vulnerabilities, enterprises must take the following measures:

  • Remediate critical flaws, such as those in Active Directory (AD) and other identity services.
  • Ensure security operations centers (SOCs) are adequately staffed during off-hours.
  • Integrate cybersecurity into the broader business resiliency strategy, alongside safety, financial, and reputational risk management.

Prioritizing security as an essential component of business resilience can make the difference between surviving and thriving in the face of catastrophic cyber incidents.

Thousands of SonicWall Devices Vulnerable to Critical Security Threats

 


Thousands of SonicWall network security devices are currently exposed to severe vulnerabilities, with over 20,000 running outdated firmware that no longer receives vendor support. This puts countless organizations at risk of unauthorized access and potential data breaches.

Key Findings of the Study

  • A Bishop Fox study identified more than 25,000 SonicWall SSLVPN devices exposed to the internet, making them easy targets for cybercriminals.
  • The research analyzed over 430,000 SonicWall devices globally and found that 39% of the exposed devices were running Series 7 firewalls, many of which lacked the latest security patches.
  • Over 20,000 devices were found to be running software versions no longer supported by SonicWall, with older Series 5 and Series 6 devices being the most at risk.

Impact of Vulnerabilities

The study highlighted that many of these devices remain susceptible to exploits, including authentication bypasses and heap overflow bugs disclosed earlier this year. Attackers could use these flaws to gain unauthorized access to networks, particularly when both SSL VPN and administration interfaces are exposed online.

Bishop Fox employed advanced fingerprinting techniques to reverse-engineer the encryption securing the SonicOSX firmware, allowing researchers to pinpoint the vulnerabilities specific to each device version.

Risks Posed by Unsupported Firmware

  • Many Series 5 devices, which are largely unsupported, continue to be exposed to the internet, leaving them highly vulnerable to attacks.
  • Series 6 devices, while better maintained, still include a significant number that have not applied the latest patches.
  • Approximately 28% of evaluated devices were found to have critical or high-severity vulnerabilities.

Recommendations for Companies

Organizations using SonicWall devices must take immediate steps to mitigate these risks:

  • Ensure all firmware is updated to the latest version to address known vulnerabilities.
  • Disable public exposure of SSL VPN and administration interfaces to reduce attack surfaces.
  • Regularly audit network security practices and implement robust patch management protocols.

The findings underscore the urgent need for companies to prioritize cybersecurity measures. Neglecting to update firmware and secure network devices can have severe consequences, leaving systems and sensitive data vulnerable to exploitation.

With threats growing increasingly sophisticated, staying proactive about network security is no longer optional—it’s essential.

Citrix Expands Platform Capabilities with DeviceTrust and Strong Network Acquisitions

 


Citrix, a business unit of Cloud Software Group, has acquired DeviceTrust and Strong Network to enhance the functionality of its platform. These acquisitions enable Citrix to offer more comprehensive access management and security solutions, expanding its capabilities in both on-premises and cloud environments. The integration of these technologies allows Citrix to provide customers with enhanced control over hybrid application deployments while reducing the risk of data loss.

Expanding Zero-Trust Access and Hybrid Work Solutions

The acquisitions enable Citrix to implement zero-trust access for both cloud and on-premises applications. This approach helps address a range of user needs in hybrid application deployments, improving security while lowering the risk of data loss. According to Ethan Fitzsimons, Citrix's Vice President and Head of Global Channels, the deals open up "significant" opportunities for partners by broadening the services and solutions they can offer their clients.

“With the integration of DeviceTrust and Strong Network, partners can now provide advanced zero-trust security capabilities for VDI (Virtual Desktop Infrastructure) and DaaS (Desktop as a Service) environments. This will meet critical customer needs for secure hybrid work solutions,” Fitzsimons explained. “Our partners will also be able to leverage demand for secure hybrid work environments and offer Citrix Secure Private Access and related services, including implementation, customization, and ongoing management.”

DeviceTrust and Strong Network Capabilities

DeviceTrust technology enables real-time, contextual access within VDI and DaaS systems. The platform allows organizations to track and respond to changes in device posture and user location. By continuously assessing device attestation, the Citrix platform gives IT teams the ability to grant or revoke access based on real-time security conditions, enhancing control over network access.

Strong Network provides secure cloud development environments, enabling enterprises to build, launch, and access applications more efficiently and cost-effectively. The platform offers robust protection against data breaches through features like data loss prevention (DLP) and data infiltration detection. These capabilities protect organizations from phishing, malware, and credential theft. In addition, Strong Network ensures compliance with key safety standards, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), while offering visibility and control throughout the application lifecycle.

Strengthening Citrix’s Competitive Positioning

Fitzsimons emphasized that these acquisitions strengthen Citrix’s competitive positioning, enabling the company to offer a comprehensive zero-trust security platform across all application types and use cases—a capability that many competitors currently lack.

“By embedding these technologies directly into the Citrix platform, customers gain seamless access to these advanced security features without requiring separate purchases. This positions Citrix and its partners to attract customers seeking to consolidate vendors, especially as businesses focus on streamlining operations and enhancing cybersecurity in hybrid environments,” he added.

Enhanced Support for Citrix Secure Private Access

In addition to these acquisitions, Citrix is increasing support for its Citrix Secure Private Access in hybrid environments. This expanded support includes extending zero-trust access controls to web and SaaS applications, virtual desktops, and traditional client/server applications. By offering secure management of application access across both on-premises and cloud environments, Citrix helps businesses strengthen their overall cybersecurity posture.

Creating a Strong Cybersecurity Culture: The Key to Business Resilience

 

In today’s fast-paced digital environment, businesses face an increasing risk of cyber threats. Establishing a strong cybersecurity culture is essential to protecting sensitive information, maintaining operations, and fostering trust with clients. Companies that prioritize cybersecurity awareness empower employees to play an active role in safeguarding data, creating a safer and more resilient business ecosystem. 

A cybersecurity-aware culture is about more than just protecting networks and systems; it’s about ensuring that every employee understands their role in preventing cyberattacks. The responsibility for data security has moved beyond IT departments to involve everyone in the organization. Even with robust technology, a single mistake—such as clicking a phishing link—can lead to severe consequences. Therefore, educating employees about potential threats and how to mitigate them is crucial. 

As technology becomes increasingly integrated into business operations, security measures must evolve to address emerging risks. The importance of cybersecurity awareness cannot be overstated. Just as you wouldn’t leave your home unsecured, companies must ensure their employees recognize the value of safeguarding corporate information. Awareness training helps employees understand that protecting company data also protects their personal digital presence. This dual benefit motivates individuals to remain vigilant, both professionally and personally. Regular cybersecurity training programs, designed to address threats like phishing, malware, and weak passwords, are critical. Studies show that such initiatives significantly reduce the likelihood of successful attacks. 

In addition to training, consistent reminders throughout the year help reinforce cybersecurity principles. Simulated phishing exercises, for instance, teach employees to identify suspicious emails by looking for odd sender addresses, unusual keywords, or errors in grammar. Encouraging the use of strong passwords and organizing workshops to discuss evolving threats also contribute to a secure environment. Organizations that adopt these practices often see measurable improvements in their overall cybersecurity posture. Artificial intelligence (AI) has emerged as a powerful tool for cybersecurity, offering faster and more accurate threat detection. 

However, integrating AI into a security strategy requires careful consideration. AI systems must be managed effectively to avoid introducing new vulnerabilities. Furthermore, while AI excels at monitoring and detection, foundational cybersecurity knowledge among employees remains essential. A well-trained workforce can address risks independently, ensuring that AI complements human efforts rather than replacing them. Beyond internal protections, cybersecurity also plays a vital role in maintaining customer trust. Clients want to know their data is secure, and any breach can severely harm a company’s reputation. 

For example, a recent incident involving CrowdStrike revealed how technical glitches can escalate into major phishing attacks, eroding client confidence. Establishing a clear response strategy and fostering a culture of accountability help organizations manage such crises effectively. 

A robust cybersecurity culture is essential for modern businesses. By equipping employees with the tools and knowledge to identify and respond to threats, organizations not only strengthen their defenses but also enhance trust with customers. This proactive approach is key to navigating today’s complex digital landscape with confidence and resilience.

Microsoft Warns of Russian Spear-Phishing Campaign Targeting Multiple Organizations

 

Microsoft Threat Intelligence has discovered a new attack campaign by the Russian hacker group Midnight Blizzard, targeting thousands of users from over 100 organisations. The attack uses spear-phishing emails that contain RDP configuration files, allowing the perpetrators to connect to and potentially compromise the targeted systems.

The malicious campaign targeted thousands of users from higher education, defence, non-governmental organisations, and government institutions. Dozens of nations have been impacted, mainly in the United Kingdom, Europe, Australia, and Japan, consistent with previous Midnight Blizzard phishing attacks. 

In the most recent Midnight Blizzard assault campaign, victims received meticulously targeted emails including social engineering lures related to Microsoft, Amazon Web Services, and the concept of Zero Trust. 

According to Microsoft Threat Intelligence, the emails were sent using email addresses from legitimate organisations obtained by the threat actor during earlier breaches. Every email included an RDP configuration file signed with a free Let's Encrypt certificate and containing multiple sensitive parameters. When the user opened the file, an RDP connection was established with an attacker-controlled system.

The threat actor could then use the established RDP connection to acquire information regarding the targeted device, such as files and folders, connected network drives, and peripherals such as printers, microphones, and smart cards. 

It would also allow for the collection of clipboard data, web authentication via Windows Hello, passkeys and security keys, and even point-of-sale devices. Such a link may also enable the threat actor to install malware on the targeted device or mapped network share(s). 

Outbound RDP connections were established to domains constructed to deceive the victim into thinking they were AWS domains. Amazon, which is collaborating with the Ukrainian CERT-UA to combat the threat, began seizing the affected domains immediately in order to stop operations. Meanwhile, Microsoft alerted all impacted customers who had been targeted or compromised.
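As an added example (not from the post or Microsoft's tooling), a small triage function a mail gateway or SOC could run over an .rdp attachment: it parses the file, lists which local resources the file would redirect to the remote host (the drives, clipboard, smart cards, Windows Hello and POS devices mentioned above) and checks the target host against an allowlist. The property names are standard RDP file settings; the allowlist, hostnames and sample files are constructed.

```python
"""Triage an .rdp e-mail attachment for risky resource redirection.

Added example, not Microsoft's detection logic: parse the key:type:value lines of
an RDP configuration file, list what it would hand to the remote host, and check
the target against an allowlist. Hostnames and samples below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# RDP file property -> (what it exposes, predicate on the raw value meaning "on").
REDIRECTS = {
    "drivestoredirect":   ("local drives (files and folders)", lambda v: v not in ("", "0")),
    "devicestoredirect":  ("plug-and-play devices",            lambda v: v not in ("", "0")),
    "redirectclipboard":  ("clipboard",                        lambda v: v == "1"),
    "redirectprinters":   ("printers",                         lambda v: v == "1"),
    "redirectsmartcards": ("smart cards",                      lambda v: v == "1"),
    "redirectwebauthn":   ("Windows Hello / passkeys / security keys", lambda v: v == "1"),
    "redirectposdevices": ("point-of-sale devices",            lambda v: v == "1"),
    "audiocapturemode":   ("microphone",                       lambda v: v == "1"),
}


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse 'key:type:value' lines; a value may itself contain colons (host:port)."""
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].lower()] = (parts[1], parts[2])
    return settings


@dataclass
class Verdict:
    target_host: str
    target_allowed: bool
    signed: bool
    redirected: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Unknown host plus local resources pulled across the session: the pattern
        # worth quarantining before the user can double-click the attachment.
        return not self.target_allowed and bool(self.redirected)


def triage(text: str, allowed_hosts: List[str]) -> Verdict:
    s = parse_rdp(text)
    host = s.get("full address", ("s", ""))[1].split(":")[0].strip().lower()
    allowed = any(host == a or host.endswith("." + a) for a in allowed_hosts)
    exposed = [desc for key, (desc, on) in REDIRECTS.items()
               if key in s and on(s[key][1].strip())]
    # A signature only proves the file was not altered after signing; it says
    # nothing about who owns the remote host, so it never lowers the verdict.
    return Verdict(host, allowed, "signature" in s, exposed)


ALLOWED = ["rds.corp.example.invalid"]      # constructed allowlist of known RDP hosts

LURE = """\
full address:s:aws-sso-gateway.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectwebauthn:i:1
redirectposdevices:i:1
audiocapturemode:i:1
signature:s:PLACEHOLDER-SIGNATURE-BLOB
"""

INTERNAL = """\
full address:s:rds.corp.example.invalid
drivestoredirect:s:
redirectclipboard:i:0
"""

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("internal", INTERNAL)):
        v = triage(sample, ALLOWED)
        print(f"{name}: host={v.target_host} signed={v.signed} "
              f"suspicious={v.suspicious} exposes={v.redirected}")
```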

Marko Polo Infostealer Campaigns Target Thousands Across Platforms

 

The cybercriminal group “Marko Polo” is behind a major malware operation, running 30 infostealer campaigns targeting a wide array of victims. Using techniques such as spear-phishing, malvertising, and brand impersonation, the group spreads over 50 malware payloads, including AMOS, Stealc, and Rhadamanthys, across different sectors like gaming, cryptocurrency, and software. 

According to Recorded Future’s Insikt Group, Marko Polo’s campaigns have compromised thousands of devices globally, posing a significant threat to consumer privacy and business security, with potential financial losses in the millions. The group primarily uses spear-phishing tactics via direct messages on social media, targeting high-value individuals like cryptocurrency influencers, gamers, and software developers. 

They impersonate popular brands such as Fortnite, Zoom, and RuneScape, creating fake job offers and project collaborations to deceive victims into downloading malware. In addition to these impersonations, Marko Polo even fabricates its own brand names like VDeck, Wasper, and SpectraRoom to lure unsuspecting users. The Marko Polo operation is highly versatile, capable of infecting both Windows and macOS platforms. On Windows, they use a tool called “HijackLoader” to deliver malware like Stealc, designed to extract data from browsers, and Rhadamanthys, which targets a wide array of applications and data types. 

Rhadamanthys has also added advanced features, such as a cryptocurrency clipper to redirect payments to the attackers’ wallets, and the ability to evade Windows Defender. When it comes to macOS, the group deploys Atomic (AMOS), an infostealer launched in 2023, which they rent out to cybercriminals for $1,000 per month. AMOS is highly effective at extracting sensitive data stored on macOS systems, such as Apple Keychain passwords, MetaMask seeds, WiFi credentials, credit card details, and other encrypted information. 

The Marko Polo campaign’s widespread nature highlights the dangers of information-stealing malware, and users need to be vigilant against unsolicited links and downloads from unknown sources. One of the most effective ways to protect against such malware is to download software exclusively from official websites and ensure your antivirus software is up-to-date. This ensures the detection of malicious payloads before they can compromise your system. 

Information-stealing malware campaigns are becoming increasingly common, with Marko Polo’s operation serving as a stark reminder of the sophisticated tactics cybercriminals employ today. These stolen credentials often enable hackers to breach corporate networks, engage in data theft, and disrupt business operations. Therefore, cybersecurity awareness and strong preventive measures are crucial for protecting against such malicious activities.