Quarterly security report
The perimeter of an organization is a common vector for attacks. Attackers must get through the edge to get to valuable assets: proactive security here mitigates risks and reduces your exposure.
Edge Protection acts like a guard post that patrols the perimeter of a secured area. This layer deters attackers and is a major proactive defense for protecting your environment.
The following Edge Protection solutions are Cisco firewalls backed by Talos. Talos backs all Cisco products and is composed of world-class researchers, analysts, and engineers; it is one of the largest threat intelligence teams and an industry leader in threat intelligence.
• Simplified management within a seamless single pane on a web browser.
• Tailored for SoHo and Branch sites.
• Next Generation Firewall and IPS.
• Can be managed by web browser in the cloud.
• Traditional/Stateful Firewall.
• Multi-context Firewall.
• Remote Access VPN Headend.
• Upgradable to Next Generation capabilities.
• Can be managed by CDO or ASDM.
• Next Generation IPS.
• Next Generation Firewall.
• Advanced Network Visibility and Threat Analytics.
• Incident response and threat investigation.
• Can be managed by CDO, FMC, or FDM.
What Edge Protection Keeps Out
Cybercriminals Feign Authenticity With CAPTCHAs:
Cybercriminals are using multiple visual CAPTCHAs to avoid detection methods and trick potential victims into believing their phishing site is real. This form of detection avoidance is new in that it uses multiple CAPTCHAs, which helps hide the spoofed site. Adding to this, people have been trained to expect CAPTCHAs on credible sites, making them less suspicious of the spoofed site. Endpoint protection utilizing intelligence provided by Next-Generation Firewalls helps prevent users from accessing these malicious sites.
Universal Health Services Falls Victim to Ransomware Attack:
Fortune 500 company Universal Health Services (UHS) has reportedly had a cyber-attack bring operations to a halt. It is believed that this attack was caused by ransomware, specifically Ryuk. Ransomware has been known to sometimes steal the data it encrypts in an effort for double extortion or to sell on the dark web. UHS has claimed that no patient or employee data was accessed, copied, or compromised. Endpoint protection utilizing intelligence provided by Next-Generation Firewalls helps prevent users from accessing sites meant to phish credentials.
Potential Flash Player Exploit Leaves Users Vulnerable:
Adobe warns of a critical vulnerability in Flash Player that stems from a NULL pointer dereference error. There are currently no known exploits of this vulnerability; however, Flash is notoriously a target for malicious actors. Adobe has released a patch for this vulnerability. Endpoint protection utilizing intelligence provided by Next-Generation Firewalls helps prevent vulnerabilities from being exploited on resources behind the firewall.
MERCURY Exploits Microsoft Zerologon:
Iranian state actors are actively exploiting the Zerologon vulnerability, warns Microsoft. For two weeks, the state actor MERCURY has been observed actively exploiting Zerologon. Microsoft has released a patch to mitigate this vulnerability. Endpoint protection utilizing intelligence provided by Next-Generation Firewalls helps prevent vulnerabilities from being exploited on unpatched resources behind the firewall.
Multi-Factor Authentication
Having a reliable Multi-Factor Authenticator (MFA) is important because even if you have strong passwords, your credentials are still at risk.
Your passwords for third party sites might be encrypted, but they must be stored somewhere, and the security of that storage can be compromised without you being immediately aware.
To add a layer of security that allows your company to easily meet compliance for access and user authentication controls, Robinett Consulting offers Duo, Cisco’s Multi-Factor Authenticator.
Duo protects many programs your business implements and provides secure access to your applications.
Once you have gotten started with Duo, your users will have a variety of authentication options that allow for security without interrupting their individual workflow.
Duo’s self-enrollment feature for company members makes deploying and implementing Duo easy and worry free.
This also means that as your company grows, Duo enrollment will easily scale with your growth.
Duo allows you to differentiate personal and business devices, assess the security of all devices, and identify and then monitor potentially risky devices.
In addition to this, you can implement role-based access to control which devices can access applications based on hygiene or ownership.
What Multi-Factor Authentication Helps Mitigate
“Missed Chat” Phishing Attack on Microsoft Teams:
Malicious actors have crafted a phishing email that notifies users of a “missed chat” in Microsoft Teams. The aim of this is, as always, to steal recipients’ login credentials. The nature of an instant messenger application like Teams makes the user want to respond to the message with haste, thus lowering their guard. Having MFA enabled on accounts that have had credentials successfully phished will help mitigate the risk of the account being used to compromise the network.
Athlete Social Media Accounts Targeted for Phishing:
Two malicious actors targeted NFL and NBA athletes’ social-media accounts with phishing tactics. One such tactic included direct messages with embedded links to spoofed phishing websites, followed by attempts to reuse successfully phished credentials against other sites (credential stuffing). One malicious actor went as far as attempting to extort their victim in exchange for returning access to the account. Both malicious actors are facing charges. Having MFA enabled on accounts that have had credentials successfully phished will help mitigate the risk of the account being hijacked.
Cyberattacks within Office 365:
Malicious actors are utilizing Office 365 applications to launch cyberattacks on stay-at-home workers. Cyberattacks launched from Office 365 can range from phishing to C2 servers due to the power behind these applications. Actors will phish user credentials and move laterally throughout the Office 365 environment. This lateral movement is expedited by applications like Power Automate and eDiscovery. MFA helps prevent cases like this from happening, as having another layer of security could prevent attackers from gaining access to begin their campaign.
Dark Web Monitoring (DWID)
Credentials for accounts can be found on the Dark Web for less than the price of a small coffee. Once bought, these credentials can give an attacker access that causes a business to close its doors.
What is the Dark Web?
The area of the internet that you access every day is just the surface of the internet. Underneath is the deep web and the Dark Web; it is in the Dark Web that a wealth of stolen data circulates for sale.
How would your credentials end up on the Dark Web?
• Your credentials can be keylogged, phished when entered on a fake website, or stolen by malicious software.
• Third-party data breaches leak large amounts of information when an outside website or database that holds information related to your credentials is hacked.
• Accidental and malicious exposure are also risks, as your data may inadvertently or intentionally be shared on the internet.
You can’t control a data breach, but you can control if that data is still valid. To monitor and mitigate the threat of stolen credentials, Robinett Consulting offers 24/7 monitoring with Dark Web ID.
What does DWID do?
DWID alerts you when your information is found on the Dark Web. The earlier you know what information is out there, the sooner you can secure your credentials.
You may not be aware that your credentials are on the Dark Web, but, if they are, we will let you know and inform you of any personal information that has been leaked along with those credentials.
Dark Web ID scours the Dark Web to find your information on:
• Dark Web Chatrooms
• Hacking Sites
• Hidden Theft Forums
• Peer-to-Peer file sharing networks
• Other Black Market Sites
What Monitoring the Dark Web Helps Mitigate
Network Access Sales on the Dark Web:
Cybercriminals are selling ransomware groups access to internal networks. This access is advertised in underground forums, and the listings include the victim’s industry, the type of access, the size of the network, the country, and more. The most common attack vector sold appears to be compromised RDP connections. Access to these internal networks can be sold for as little as $300. Monitoring the Dark Web for credentials that grant access to your company can be a proactive step in finding out if you’ve been compromised.
Valuable PII Stolen from Cruise Lines:
Three cruise line brands had guests’, employees’, and crew members’ personal information accessed by malicious actors in a ransomware attack. The company believes there is a low likelihood of the data being misused. Cybersecurity consultants have been called in to recover files and notify those impacted. Monitoring the Dark Web for Personally Identifiable Information (PII) helps in knowing what could be used in a future phishing campaign against your employees.
PII Stolen in Pfizer Inc. Data Breach:
Pfizer Inc. had a misconfigured Google Cloud storage bucket that exposed patient information. The data included Personally Identifiable Information (PII) that could lead to further targeted attacks on those patients. This goes to show that storing information in the cloud makes that data more available and accessible, but it also brings more risk and more effort to secure it. Monitoring the Dark Web for Personally Identifiable Information (PII) helps in knowing what could be used in a future phishing campaign against your employees.
Proactively protecting your business can be challenging and complicated, but it is a necessity in today’s world of tenacious and creative attackers. Do not be another statistic, do not be low-hanging fruit, and do not be a victim of cyber-attacks. Please contact Robinett Consulting for more information.