CS Nov-Dec 2023

More documents

Recommendations

Info

attacks offensive PHISHING ENTERS DEEP DARK WATERS THE SOPHISTICATION OF PHISHING ATTACKS IS ALSO SOARING, WITH CYBERCRIMINALS USING WORRYINGLY POWERFUL NEW TACTICS TO GAIN ACCESS TO DATA AND SYSTEMS As the attacks landscape continues to look ever more sinister, how exactly to keep your organisation safe, on multiple attack fronts, from bad actors intent on using every means to exploit vulnerabilities has become the vexing question. With each passing month, the means to find ways to avoid joining the ranks of the countless victims who have already been successfully targeted becomes increasing beset with obstacles and uncertainties. The preferred methods of attack are now familiar, with phishing continuing to be one of the most common and effective ways for cybercriminals to gain access to data and systems. "By targeting employees, cybercriminals are looking to take advantage of what is perceived to be the weakest element in the cyber defences of an organisation," points out AJ Thompson, CCO at Northdoor. "As a result, phishing attacks are on the increase. A recent report showed that there was a 47.2% increase in phishing attacks during 2022, a huge increase and one that highlights the growing efforts of the cybercriminal community to take advantage of employees." The sophistication of phishing attacks is also increasing substantially, with cybercriminals using new tactics to gain access to data and systems. "By persuading an employee to click on a malicious link or to give them direct access to internal systems, cybercriminals can quickly get their hands-on data with little effort on their part," states Thompson. "The Egress Phishing Threat Trends Report has identified the most phished topics so far in 2023 and has also predicted what the rest of the year has in store. By connecting to world events, anniversaries, holidays, as well as the hopes and fears of ordinary people, cybercriminals can concoct persuasive emails and other of forms of communication, gaining the trust of employees and getting them to open the door into internal systems." The key to successfully defeating phishing attacks is for the security industry as a whole to work together. "By identifying and sharing new threats, everyone is able to keep an eye out and deal with them as and when they come through. The cybersecurity sector has a tendency to withhold information under the guise of security, in order to gain a competitive advantage. In the face such a sophisticated threat, this is no longer an effective way for the industry to behave. Sharing information about what threats may look like is not effective. Informing employees about the latest tactics and giving them the tools to deal with potential and future threats makes the life of the cybercriminal harder, keeping your data and systems safe," he adds. IMPERSONATION SCAM In July 2023, Menlo Security HEAT Shield detected and blocked a novel phishing attack that involved an open redirection in the 'indeed.com' website redirecting victims to a phishing page impersonating Microsoft. Consequently, this makes an unsuspecting victim believe the redirection resulted from a trusted source such as 'indeed.com'. The threat actors were found to deploy the phishing pages using the phishing-as-a-service platform named 'EvilProxy'. The service is advertised and sold on the dark web as a subscriptionbased offering with the plan validity ranging between 10 days, 20 days, and 31 days. One of the actors, known by the handle 'John_Malkovich', plays the role of an administrator and intermediary assisting customers who have purchased the service. The campaign targeted C-suite employees and other key executives across organisations based in the United States across various sectors. The infection vector was a phishing email delivered with a link that is deceptively crafted, in such a way that it comes from a trusted source, in this case 'indeed.com'. Upon clicking the link, the victim is then redirected to a fake Microsoft Online login page. It seems that HEAT Shield was able to detect and prevent this phishing attempt on the fly, by virtue of its real-time analysis feature. "It detected the phishing site by leveraging AI-based detection models to analyse the rendered web page way before the URL reputation services and other security vendors flagged this page for malicious behaviour," says Menlo Security. "HEAT Shield also generates the Zero Hour Phishing Detection alerts in the process, which help provide greater visibility to the SOC analysts by providing them with context of the threat and enriched data that will adequately support their research." 26 computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk
attacks offensive As ransomware targeting healthcare organisations increases, more advanced cybersecurity is needed to protect sensitive patient data and maintain uninterrupted operations for the continuous delivery of life-critical medical services. Hospitals and healthcare organisations face a unique security and identity challenge. With shared workstations among staff, they must determine how they can distinguish who is doing what, on which device, and enforce access control policies and threat protections based on both the user who logged in at the time and the device's posture. They also need to keep track of all user activity, with logs indicating their actions for traceability and compliance requirements. To that end, Zscaler has teamed up with CrowdStrike and Imprivata to deliver a zero trust cybersecurity solution from device to cloud that's custom-made for medical institutions, it reports. "The new Zscaler integration with the Imprivata Digital Identity Platform will provide visibility, threat protection and traceability for end-to-end, multi-user, shared device access control that are required for organisations to meet regulatory requirements, including HIPAA and HITECH," says the cloud security provider. With this new integration, users of the Zscaler Zero Trust Exchange platform, Imprivata OneSign and the CrowdStrike Falcon platform will be able to more effectively adopt a zero trust architecture that offers granular access management, threat protection, and traceability capabilities to better protect against ransomware. "Cyberattacks on healthcare organisations are at an all-time high and protecting patient data is critical to maintaining trust," says Dhawal Sharma, senior vice president and general manager at Zscaler. "Zscaler's integrations with Imprivata, in addition to CrowdStrike, provide much needed help to healthcare organisations in their journey to a zero trust architecture. We're aiding workers and technicians with least privileged access to the healthcare information they need to provide care and maintain the privacy and security of patient data." LACK OF CONFIDENCE Employees are behind a widening gap in the cybersecurity of small and mediumsized enterprises (SMEs) a new survey has revealed, as over three-quarters of SMEs' C-suite and senior managers admit they have no confidence their teams are operating their own devices securely. Employees are not the only contributing factor to risk either, as the C-suite are also lacking cyber awareness: the survey - commissioned by Cowbell, a leading provider of cyber insurance for SMEs - found over three quarters of those operating at the helm of UK SMEs are unable to confidently identify a cyber incident at work, while a further 50% believe that they're unable to identify the difference between a phishing and real email. The UK has seen a drastic change in workforce lifestyle over the past three years (as of May 2023, with 85% of employees currently working from home wanting a hybrid approach). Cowbell's findings show that businesses are not only unwittingly exposing themselves to risk through lack of awareness of simple protective measures, but are also putting too much onus on their employees to perform safety protocols, such as protecting devices, updating software and staying off unsafe networks. This can leave SMEs with a significantly heightened exposure to cyber risks, says Cowbell's Simon Hughes, VP and general manager (UK): "Business leaders have been AJ Thompson, Northdoor: the key to defeating phishing attacks is for the security industry as a whole to work together. Dhawal Sharma, Zscaler: cyberattacks on healthcare organisations are at an all-time high and protecting patient data is critical to maintaining trust. www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security 27
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Daniel Hofmann, Hornetsecurity
Page 8 and 9: ook review INSIDE THE REVOLUTION A
Page 10 and 11: product review HORNETSECURITY 365 P
Page 12 and 13: 2023 CS Awards Magician Nick Einhor
Page 14 and 15: ansomware ENEMY NO 1 - IS THE CROWN
Page 16 and 17: ansomware Michael Smith, Vercara: r
Page 18 and 19: inside view RANSOMWARE THREATENS BA
Page 20 and 21: cybersecurity training DRIVING EMPL
Page 22 and 23: cyber awareness THE CRIME-BUSTING C
Page 24 and 25: cyber awareness Don Boxley, DH2i: t
Page 28 and 29: attacks offensive Kennet Harpsoe, L
Page 30 and 31: artificial intelligence FAKING IT W
Page 32 and 33: data privacy WHAT DATA PRIVACY MEAN
Page 34 and 35: data privacy Edward Machin, Ropes &
Page 36: Computing Security Secure systems,

CS Nov-Dec 2023

Create successful ePaper yourself

Delete template?

Save as template?