Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

53 Cyber Safety Tips for The Holidays Practicing Good Cyber Hygiene to Avoid Holiday Cyber Attacks By Dr. Bob Duhainy, Walden University Doctor of Information Technology core faculty member While millions of holiday shoppers will be spending money on the best gifts for their loved ones, cyber criminals will be highly active due to the huge increase of online financial transactions, increasing the chances of stealing confidential information. Security experts at Carbon Black caution that individuals can expect to see more attempted cyberattacks starting with Black Friday and continuing through the holiday shopping season. Experian also reported that 43% of consumers who had their identity stolen say it happened while shopping online during the holidays. To stay safe online during the holiday shopping season, take the following cyber security steps: Understand your threats. It is important to realize the various vectors malicious actors are utilizing so you can properly defend yourself. Threat intelligence is an important service that information security professionals and everyday users should leverage for better protection. Before stepping out the door, examine current activity and take precautions to protect yourself. For example, the Cybersecurity and Infrastructure Security Agency (CISA), an entity within the Department of Homeland Security, provides free and up-to-date current activity and alerts, as well as a weekly vulnerability summary. CISA will also provide updates to state-run activities, which security professionals can digest and make useful to their organization, friends and family. One currently active alert from April 2018, coded under GRIZZLE STEPPE for malicious Russian cyber activity, denotes a vulnerability with Simple Network Management Protocol (SNMP) enabled network
54 devices. Russian actors can extract device configurations, collect login credentials and impersonate privileged users, among other actions. By understanding threats to this level of detail, the appropriate mitigations can be implemented. Make threat intelligence actionable intelligence. Zombie devices to botnets. While your local coffee shop may seem like a great place to get some online shopping done, remember that free, public wireless networks make it easier for cyber hackers to obtain your information. Make sure you use WPA-2 for authentication and 802.1x for remote access using IPsec/VPN tunnel before entering your personal information for an online order. Be aware of the VPN you utilize because not all VPNs are 100% secure. As of October 2019, an advanced persistent threat (APT) was discovered to exploit vulnerabilities in Palo Alto, Fortinet and Pulse Secure products, which allow actors to collect credentials. These stolen credentials can later be used at accessing a root shell for increased privileged activity. Metadata spoofing attacks. Cyber criminals exploit vulnerabilities of web-based applications due to vulnerabilities associated with various apps, especially when they are outdated. Keep up with the latest security updates on your computers, browsers and mobile devices. Setting your antivirus software to auto-update will also help safeguard your computer from the latest viruses. In addition, ensure that you remain abreast of threat intelligence and immediately apply required patches to your systems. Many examples have been encountered in which patches were available but had not been installed as directed, resulting in an information assurance event or compromise. Think back to the Marriott, Target and Office of Personnel Management hacks – each could have been prevented by appropriate patching. Authentication attacks. Once malware has been unleashed onto an electronic device, cyber criminals use brute force attacks to break the encrypted password saved in the form of an encrypted text. Never save your personal information – including your name, passwords, address and credit card information – using the remember me feature on shopping websites. Logging out of your account after each purchase ensures that your personal information won’t be compromised if your online retailers have a data breach. People often make the mistake of using the same password for multiple applications, even adding add a number or symbol to the original password after it expires. With an inverse correlation between security and convenience, users must carefully assess their circumstance. A trusted password manager can assist in producing strong and random passwords. Masquerading emails. During this time of the year, email marketing campaigns are prevalent, and phishing is an area of major concern. The Anti-Phishing Working Group (APWG) reported that phishing attacks have increased to their highest levels since 2016. Simple Mail Transfer Protocol does not possess the necessary mechanisms to verify legitimate email addresses. Users cannot trust in Domain-based Message Authentication, Reporting and Conformance (DMARC) to protect them from spoofed emails. As you’re sifting through your inbox for the best holiday sales, verify the sender’s credentials before clicking any links. Even e-mail attachments and links forwarded from trusted entities may have a malicious code. Get in the habit of manually typing websites in your internet browser to avoid any unforeseen cyberattacks. In addition to phishing, malicious actors are also exploiting vishing and smishing approaches. Always be suspicious of unsolicited information requests and make sure you know where your information is going.
Page 1 and 2:
1 8 Most Common Cybersecurity Mista
Page 3 and 4: 2
Page 5 and 6: 4 The Internet Got Safer In 2019: A
Page 7 and 8: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10: 8
Page 11 and 12: 10
Page 13 and 14: 12
Page 15 and 16: 14
Page 17 and 18: 16
Page 19 and 20: 18
Page 21 and 22: 20 8 Most Common Cybersecurity Mist
Page 23 and 24: 22 You can prevent (or decrease) th
Page 25 and 26: 24 While it’s not feasible to res
Page 27 and 28: 26 The major difference is the addi
Page 29 and 30: 28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32: 30 • Conduct cybersecurity traini
Page 33 and 34: 32 Persistent Cybersecurity Industr
Page 35 and 36: 34 Automation is welcome and seen a
Page 37 and 38: 36 Protecting Against Modern Cybera
Page 39 and 40: 38 Conclusion Unfortunately, no tec
Page 41 and 42: 40 For 2020 The Death of Traditiona
Page 43 and 44: 42 The Next Five Years The End of E
Page 45 and 46: 44 Government Agencies Are Prime Ta
Page 47 and 48: 46 It’s a basic fact of contempor
Page 49 and 50: 48 simpler way to approach these pr
Page 51 and 52: 50 Why Outsmart Cyber Attackers Whe
Page 53: 52 Depending on how you look at it,
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89 and 90: 88 Automatic for The SOC People How
Page 91 and 92: 90 Allows Transparency and Drive Le
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98: 96 After suffering a cyber attack m
Page 99 and 100: 98 Some of the most damaging Inside
Page 101 and 102: 100 Out-Smarting the Cybersecurity
Page 103 and 104: 102 Empower Other Teams Network and
Page 105 and 106:
104 New Security Report Highlights
Page 107 and 108:
106 The Threat Lab team also analyz
Page 109 and 110:
108 Drive, AWS, Office 365, etc. It
Page 111 and 112:
110 former governor, this bill also
Page 113 and 114:
112 I mean, if you want to be able
Page 115 and 116:
114 Is It Safe to Connect to Public
Page 117 and 118:
116 5. Safe Browsing Additional dil
Page 119 and 120:
118 flawed method in which Evernote
Page 121 and 122:
120 Really, Imagine a Day Without W
Page 123 and 124:
122
Page 125 and 126:
124
Page 127 and 128:
126
Page 129 and 130:
128
Page 131 and 132:
130
Page 133 and 134:
132
Page 135 and 136:
134
Page 137 and 138:
136
Page 139 and 140:
138 Meet Our Publisher: Gary S. Mil
Page 141 and 142:
140 Free Monthly Cyber Defense eMag
Page 143 and 144:
142
Page 145 and 146:
144
Page 147 and 148:
146 Nearly 8 Years in The Making…
Page 149 and 150:
148
Page 151:
150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?