Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Employees. Show all posts

Safeguarding Your Employee Data From Identity Theft

 

In today's digital age, where data breaches and cyberattacks are increasingly common, safeguarding against identity-based attacks has become paramount for organizations worldwide. Identity-based attacks, which involve the unauthorized access to sensitive information through compromised user credentials, pose significant risks to businesses of all sizes and industries. 

As CrowdStrike reported, 80% of attacks involve identity and compromised credentials, highlighting the widespread nature of this threat. Additionally, an IBM report found that identity-related attacks are now the top vector impacting global cybercrime, with a staggering 71% yearly increase. 

Cybercriminals employ various tactics to carry out identity-based attacks, targeting organizations through phishing campaigns, credential stuffing, password spraying, pass-the-hash techniques, man-in-the-middle (MitM) attacks, and more. Phishing campaigns, for example, involve the mass distribution of deceptive emails designed to trick recipients into divulging their login credentials or other sensitive information. Spear-phishing campaigns, on the other hand, are highly targeted attacks that leverage personal information to tailor phishing messages to specific individuals, increasing their likelihood of success.  

Credential stuffing attacks exploit the widespread practice of password reuse, where individuals use the same passwords across multiple accounts. Cybercriminals obtain credentials from previous data breaches or password dump sites and use automated tools to test these credentials across various websites, exploiting the vulnerabilities of users who reuse passwords. Password spraying attacks capitalize on human behavior by targeting commonly used passwords that match the complexity policies of targeted domains. 

Instead of trying multiple passwords for one user, attackers use the same common password across many different accounts, making it more difficult for organizations to detect and mitigate these attacks. Pass-the-hash techniques involve obtaining hashed versions of user passwords from compromised systems and using them to authenticate into other systems without needing to crack the actual password. This method allows attackers to move laterally within a network, accessing sensitive data and executing further attacks. MitM attacks occur when attackers intercept network connections, often by setting up malicious Wi-Fi access points. 

By doing so, attackers can monitor users' inputs, including login credentials, and steal sensitive information to gain unauthorized access to accounts and networks. To mitigate the risk of identity-based attacks, organizations must adopt a multi-layered approach to security. This includes implementing strong password policies to prevent the use of weak or easily guessable passwords and regularly auditing user accounts for vulnerabilities. 

Multi-factor authentication (MFA) should be implemented across all applications to add an extra layer of security by requiring users to provide a second form of authentication, such as a one-time password or biometric data, in addition to their passwords. Furthermore, organizations should protect against social engineering attacks, which often target service desk staff to gain unauthorized access to sensitive information. Automated solutions can help verify user identification and reduce the risk of social engineering vulnerabilities. 

 Identity-based attacks pose significant risks to organizations, but by implementing robust security measures and remaining vigilant against evolving threats, businesses can effectively mitigate these risks and safeguard their sensitive information from cybercriminals.

With CISOs' Evolved Roles, They Must Also Evolve Their Ways


Evolving Role of CISO

Before the rapid development and popularity of digitization, the role of CISO (Chief Information Security Officer) was constrained to just being a part of IT teams, directing IT staff and planning cybersecurity defense. Regardless of conducting crucial tasks, CISOs were not traditionally a part of high management and had limited influence on the main business.

This has changed due to the rising risk of a cybersecurity breach and the rising expense of remediation. CISO is no longer a mere security evangelist, but holds much greater significance in the IT world. 

However, with more power comes more responsibility. The cyber landscape now has become more complicated than ever, with more frequent cybercrime activities being witnessed than ever before. As cyberattacks become more complex, frequent, and damaging, the CISO is ultimately responsible for any defensive blunders made in defending against existing and new risks.

Moreover, the shortage of security professionals only adds to the struggle and strain that comes with this profession. Thus, CISO is required to focus on this issue to maintain its efficiency, with their evolving jobs. They may both safeguard their businesses and reduce their stress levels by devoting time and money to important areas like cultivating loyalty, dealing with legacy systems, and developing a culture that prioritizes security.

Building Loyalty and Skills

Competing with one another, CISOs are striving to acquire qualified cybersecurity personnel. Because there is now a dearth of qualified cybersecurity professionals and great demand, the majority of them may select where they work and demand higher pay. It will be challenging to compete with this, especially for CISOs who increasingly have more budgetary authority but also more accountability for spending wisely.

CISO can instead employee professionals who are not much skilled in cybersecurity, or even work in IT. They might gradually transition into important new cybersecurity responsibilities with the correct training and assistance. After all, not all cybersecurity positions require technological expertise.

Moreover, for roles that do require technical skills, Many firms have an underutilized resource—their developer community. Developers are in a great position to upgrade their skills, could learn secure coding approaches, and share responsibility for security because of their solid understanding of how computers function. 

Looking internally eventually profits a firm’s morale and loyalty. Also, the corporation gains new cybersecurity expertise, and their employees gain whole new lucrative career.

Dealing with Legacy Systems

Patching systems and keeping them up-to-date is not an easy task. While many company are already equipped with built up infrastructure, including legacy equipment, frameworks, and equipment that has been tightly interwoven into their work processes, ripping out and replacing is not an easy alternative. CISOs are responsible for preserving and managing these older programs, while also using the most recent apps that are running in hybrid clouds and using contemporary frameworks. 

However, cybercriminals are smart. When attempting to hack into a network or steal data, they nearly always seek for the weakest link, and such outdated frameworks, apps, and infrastructures are frequently the chosen targets.

Thus, CISOs are required to work on their maintenance plans for all legacy software. External access should be completely eliminated, if at all possible, but it is crucial that teams receive training in security best practices for all active programming languages through practical training methods and courses. Nothing gets left behind when the most recent technologies are used alongside outdated languages that have proper security support.

Creating a Security-First Culture 

In order to improve security and ease the CISO's workload, the solution may not entirely depend on technology. The best way to genuinely establish a company where security is a top priority is through a shift in culture. CISOs are in a unique position to drive this transition, both with other executives and the people they lead. They are both members of senior management and members of the security team.

A security-first culture will thus implant security into every aspect of a company's operations. Instead of being a consideration until later in the SDLC, developers should be able to write secure code that is devoid of flaws and resistant to assaults right away. This effort should be led by designated security champions from among the developer ranks, who will serve as both a coach and a motivator. With this strategy, security is ingrained in the team's DNA and supported by management rather than being mandated from above.

While these changes cannot be met overnight, they may happen gradually with some combined efforts. Since, the threat landscapes remain complex, highly advanced and ubiquitous to be handled by any one individual or a small team. Thus, it requires every employee – no matter their role – to actively contribute to increased security; only then will a business have a chance to prevent costly breaches and downtime. 

Dridex Targeted Employees with Fake Job Termination Emails

 

A new Dridex malware phishing campaign is using fake employee termination as a lure to open a malicious Excel document, which then trolls them with a season's greeting message.

TheAnalyst, a threat researcher, shared a screenshot of the false employment termination notice on December 22, linking it to a Dridex affiliate. The suspicious email informed the target that their employment will end on December 24, and also that the decision could not be reversed. A password-protected Excel file attached offered further information. 

When a receiver accessed the file, a blurred form with a button to "Enable Content" appeared, allowing the file to run an automated script through its macros function, a technology designed to aid automation that has been misused for years for harmful purposes. After clicking the button, a pop-up window displayed with the words "Merry X-Mas Dear Employees!" 

Dridex is a trojan that was first discovered in 2014 and is related to credential theft. It spreads via email phishing campaigns. According to the US Treasury Department, it has been used to steal more than $100 million from banking institutions in 40 nations. 

Dridex is thought to have been created by Evil Corp., a Russian hacker gang that has become one of the most notorious and prolific cybercrime organizations in recent years. In December 2019, the US government sanctioned the organization and indicted its alleged founders, Maksim Yakubets and Igor Turashev, for their roles in developing Bugat, the predecessor malware to Dridex. 

A response to TheAnalyst's tweet including the false termination notice observed that in some copies of the email, the "Merry X-Mas" pop-up replaced the word "Employees" with racial insults. The racist content with this particular Dridex campaign extends back to a few months, according to TheAnalyst. 

For example, a phishing email sent out to targets during Black Friday mentioned shooting "black protesters" with a license. "If you find this message to be inappropriate or offensive, please click the complaint button in the attached document and we will never contact you again," the message stated. 

According to TheAnalyst, cybercriminals frequently insert racist email addresses inside the malware payloads to insult researchers. This element of the campaign is not visible to the campaign's targets, but it is visible to researchers who seek out, study, and expose phishing campaigns.