The background story is that despite the existence of the Kaseya vulnerability, a decent endpoint security solution could have provided better outcome. Because in the worst case, the malware could have been installed, but the security solution would have prevented its execution - and thus also the encryption of the endpoints.

The media recently reported that a hacker attack via IT service provider Kaseya affects thousands of companies.

zdnet.com reported “attackers managed to compromise the vendor's software to push a malicious update to thousands of customers. (…) an estimated 1,000 companies have had servers and workstations encrypted. The vendor added that it is reasonable to suggest "thousands of small businesses" may have been impacted. (…) The cyberattack has been attributed to the REvil/Sodinikibi ransomware group who have ties to Russia, which has claimed responsibility on its Dark Web leak site, "Happy Blog."”.

This shows that the attack hit companies of all sizes, as well as across multiple verticals. So, irrespective of the budget or vertical, everyone is vulnerable.

At the time of an attack in a zero-day exploit - i.e. a targeted exploitation of a known or unknown vulnerability in a piece of software - we know nothing about the attack tactics or the attack vectors. But we know that we have to protect ourselves against the unknown. Therefore, I am not so much concerned with the vulnerability in the Kaseya infrastructure per se, but rather with how we can successfully prevent the exploitation of all vulnerabilities and thus allow companies to be secure.

Through a simplified summary of the somewhat complex process I would like to show where DriveLock solutions could have helped to avoid the attacks.
For the following sections I refer to the Sophos News website.

REvil was able to deploy and run its dropper locally to all customers’ endpoints without testing through the Kaseya agent. Certain directories on the endpoint are deliberately and intentionally ignored by the Kaseya agent through exclusions. This opened the way for a malicious payload agent.crt file to be written to the VSA agent's working directory for updates. After deploying the payload, the Kaseya agent then executed the following Windows shell commands concatenated into a single string:

“There are only two types of companies: those that have been hacked, and those that will be."

Former FBI Director Robert Mueller

No one can escape the threat of a cyber attack. One vulnerability is all an attacker needs to gain unprecedented access to all of your organisation’s confidential files and information. Not only is your company’s data at risk, but also your client’s. So it is of paramount importance that your organisation strengthens its cyber security software and practices. But how confident are you in your company’s ability to counteract cyber attacks?

Stay on the "bright side of life".

Recently, the attack by the "Darkside” hacker group on the pipeline operator Colonial in the USA has once again brought the topic of IT security into the spotlight. The attack was covered in mainstream news and caused panic buying as well as petrol shortages on the East Coast of the U.S., and even led to a state of emergency being declared in some U.S. states. This shows that attacks, specifically those targeting companies in the critical infrastructure field, can have enormous impacts on society.

Munich 07/04/2021 - DriveLock's Device Control and Application Control solutions received Common Criteria certification from the independent Swedish CSEC authority.

This EAL 3+ certification attests to the high trustworthiness of DriveLock Agent 2019.2. The Evaluation Assurance Level 3+, which is based on a specified set of configurations, not only confirms the high product quality - the DriveLock product was methodically tested and verified during the two year certification process. It also certifies the high quality of DriveLock's software development processes.

Among a high-profile wave of cyberattacks in March 2021, tens of thousands of email servers worldwide fell victim due to a vulnerability in the Microsoft Exchange Server. Through a so-called zero-day exploit, the vulnerabilities were targeted by a previously unknown Chinese espionage group called "Hafnium.” As a result, national authorities warned thousands of companies to quickly close the gap in their own Exchange servers as Microsoft released patches to fix the vulnerabilities in Exchange servers shortly after.

In this paper, we will clarify the temporal process: What happened? Could the attacks have been prevented?

On June 19, Australian Prime Minister Scott Morrison reported that businesses are targeted by a sophisticated, state-based cyber actor. In recent months, there has been a prominent increase in attacks targeting all levels of government, political organisations, the private sector, essential services, education, medical research and development. Other countries are also detecting a similar pattern. 

On the trail towards EDR

In our last blog post "Silent hacker attacks and the need for detection mechanisms" we talked about covert cyber attacks and the need for detection tools. Now we would like to present a typical Endpoint detection and response solution with its building blocks.

Again and again, we read about hacking incidents where attackers can spy on a company, an authority or a ministry and remain unnoticed for months without affecting the systems.

The Base Formula for Preventing Cyber Security Incidents 

From one of our previous post, "Coronavirus calls hackers to the scene", we are already informed about basic precautions and protection measures we must take when working from the home office.

As we brace ourselves to contain the spread of Covid-19 globally, it is of utmost importance for companies and enterprises to upkeep their business momentum in current challenging times. Increasingly, companies are encouraging employees to work from home to minimise physical contact. It is critical for endpoints to be well protected for employees to continue to be productive as they are working from home. However, the situation also presents opportunity for possible cyber security threats, malware attacks and social engineering to take place.

With over 36,000 attendees, 700 speakers, and 650 exhibitors, the RSA conference in San Francisco was a successful and rewarding event. The conference was attended by both boutique and well-known IT security firms from around the world.

What you need to consider when it comes to IT security to keep your systems virus-free.

In recent weeks, the coronavirus has become the main topic for the global population, health authorities, politicians and organisations. For hackers, the panic and hysteria caused by the situation provide a perfect opportunity to successfully distribute malware. Therefore, the virus topic meets all the requirements for a successful cyberattack. 

People require up-to-date information regarding the virus. TV, radio, online guides and news, newsletters or emails are all sources of information that are accessed by the public. 

Prevention, Detection and Response - Do You Have Gaps In Your Security Architecture? 

The importance of endpoint security continues to be prevalent in today's threat landscape as 70% of all breaches are found to have originated from the endpoint. More than 42% of endpoints experience encryption failures, 75% of organisations state their IT security team are not able to respond to security incidents aptly and quickly. Therefore Endpoint security plays a very significant role in securing your systems and data. It can prevent data loss, stop the execution of malware opened by negligent employees and protect against malicious traffic. 

The world of IT security is evolving in 2020, are we? 

Risk lies around every corner and should be expected at any time. In the world of IT, risk is inherently everywhere and comes in many shapes and forms. Consequently, the task of writing down all possible risks threatening an IT infrastructure can be daunting and never-ending.

The major strategic goal of cyber security in the digital age is to combat and mitigate data breaches. A company's data is its most valuable asset to protect.

In the last blog post "This is how IT security works with Zero Trust today" we talked about what Zero Trust is and the rationality behind it.

Why today's IT security architectures should be designed according to the ZERO TRUST model

by Alfred Ortiz, CEO of CyberSoftwareDistributors LLC and Doctoral Candidate in Information Systems at IE University in Madrid, Spain.  

In 2017, WannaCry Ransomware spread to 100 countries over a weekend. Don't expect patching to stop the business model of digital blackmail. Be prepared!

By Alma Pranoto

Picture by LaymanZoom | iStock

By Alma Pranoto

1. THE SHOCKING STATISTICS OF DATA BREACH

According to the IBM 2018 Cost of a Data Breach Study, it costs $3.86 million US to cover an average data breach. This cost will increase by 6.4% per year and the likelihood of a recurring breach over the next two years is 27.9%. 

                                                                                                                                                  Picture by Antonio Guillem

by Mohamad Ashokaibi

• CFO: “I've lost my USB thumb drive. Lots of important spreadsheets were there! Do something please!”
  
  
• Project Manager: “I’ve just used my USB external drive on a contractor’s laptop who said he never had an AV. Can I use it safely on the company’s laptop again?”
  
  
• Sales Lady: “Remember the USB drive the company has given me? Seems I dropped it in that taxi yesterday while on my way home. Could I ever know what I backed up on it before leaving the office?”
  
  
• Engineering Team Lead: “Since my colleague checked her SD card on my PC this morning I don’t seem to be able to open my project documents anymore. They all are unreadable. What could it be?”
  
  

• Risk Management Head: “We have a new requirement; all USB storage devices must be blocked inside our corporate network, except company-provided sticks which must be encrypted before use. Can we do that?”

                                                                                                                                                    Picture by nd3000 | iStock

by Mohamad Ashokaibi