Today is my first day back as a freelancer with ALC Training and Consulting, and I thought I'd start off the year with a quick revision of the Cloud Security Alliance Top Cloud Threats, known as the Treacherous 12. This was updated in November 2017 to include specific real-life examples of each threat.
This was followed by more revision of the OWASP Top 10, the threats that matter most when developing software, which was also updated in 2017.
That led me to refresh my memory on the most significant advanced persistent threat (APT) events of 2017, as well as the definition of an APT.
So, an Advanced Persistent Threat (APT) is a specialised and generally sophisticated attack that we often associate with cyber warfare and cyber espionage. It typically involves installing malicious software on multiple hosts within an organisation, orchestrated by a third party, and results in some form of damage to the infected organisation, e.g. valuable data being exposed (Sony – Guardians of Peace) or data being destroyed with a ransom demanded for its recovery (WannaCry).
I found a great resource from Kaspersky Labs that provides a visual dashboard for all known APTs.
Here are the Top 3 most dangerous threats found towards the end of 2017:
1. ShadowPad - A company called NetSarang produces server management tools for large corporate networks. Their products, available via download, had been infected with an encrypted malicious payload by a threat actor. The affected software should be removed and the latest 'clean' copies installed. For more info, please see link.
2. NotPetya / ExPetr - This is ransomware that spreads with the help of custom tools, such as Mimikatz. It reboots the system after infection and starts to encrypt data on NTFS partitions, which affects Windows PCs and servers. For more info, please see link.
3. WannaCry - Well publicised in the media, this is also ransomware, and it exploits a known vulnerability in Windows devices called 'EternalBlue'. If your Windows devices are patched against the EternalBlue exploit, then you're safe; however, many organisations had not patched and were susceptible to WannaCry. For more info, please see link.
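Since the WannaCry point above comes down to "are your Windows hosts patched against EternalBlue?", here is an added example of how a defender can check that on a single host. This is my own illustration, not code from the post, from Kaspersky or from Microsoft. It reports whether SMBv1 is still enabled and whether one of the MS17-010 hotfixes is installed; the KB list is an assumption drawn from Microsoft's MS17-010 bulletin for common Windows 7/8.1/2012 builds, so verify it against the bulletin for your exact OS version.

```powershell
# Added example (not from the original post): report whether a Windows host
# is exposed to the EternalBlue SMBv1 vulnerability that WannaCry exploited.
# Two checks: is SMBv1 still enabled, and is an MS17-010 hotfix installed.
# The KB list is an assumption taken from Microsoft's MS17-010 bulletin for
# common builds; confirm it against the bulletin for your exact OS version.

$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',   # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',   # Server 2012
    'KB4012598'                 # Windows XP / Vista / Server 2003 / Server 2008
)

function Get-EternalBlueExposure {
    [CmdletBinding()]
    param(
        [string[]]$Kbs = $Ms17010Kbs
    )

    # Check 1: SMBv1 server state. Get-SmbServerConfiguration exists on
    # Windows 8 / Server 2012 and later; older hosts fall back to the registry.
    $smb1Enabled = $null
    try {
        $smb1Enabled = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch {
        $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
        # An absent SMB1 value means the protocol is enabled by default.
        $smb1Enabled = if ($null -eq $reg.SMB1) { $true } else { [bool]$reg.SMB1 }
    }

    # Check 2: any MS17-010 hotfix present in the installed-updates list.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $matched = @($installed | Where-Object { $Kbs -contains $_ })

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        Smb1Enabled          = $smb1Enabled
        Ms17010HotfixFound   = ($matched.Count -gt 0)
        MatchedKbs           = ($matched -join ', ')
        # Exposed only if SMBv1 is reachable and no MS17-010 patch is present.
        ExposedToEternalBlue = ($smb1Enabled -and $matched.Count -eq 0)
    }
}

Get-EternalBlueExposure | Format-List
```

One caveat: on Windows 10 and Server 2016, later cumulative updates supersede MS17-010, so `Get-HotFix` will not list those KBs and the hotfix check alone will report a false "exposed" result. On those builds the SMBv1 check is the more durable signal, and disabling SMBv1 outright removes the exposure regardless of patch level.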