BLOG

5 min read

Could the Kaseya VSA supply chain ransomware attack have been prevented?

By Andreas Fuchs on Jul 12, 2021 2:20:18 PM

The background story is that, despite the existence of the Kaseya vulnerability, a decent endpoint security solution could have provided a better outcome. In the worst case, the malware could have been installed, but the security solution would have prevented its execution - and thus also the encryption of the endpoints.

The media recently reported that a hacker attack via IT service provider Kaseya affects thousands of companies.

zdnet.com reported: “attackers managed to compromise the vendor's software to push a malicious update to thousands of customers. (…) an estimated 1,000 companies have had servers and workstations encrypted. The vendor added that it is reasonable to suggest "thousands of small businesses" may have been impacted. (…) The cyberattack has been attributed to the REvil/Sodinokibi ransomware group who have ties to Russia, which has claimed responsibility on its Dark Web leak site, "Happy Blog."”

This shows that the attack hit companies of all sizes, as well as across multiple verticals. So, irrespective of the budget or vertical, everyone is vulnerable.

At the time of a zero-day attack - i.e. a targeted exploitation of a known or unknown vulnerability in a piece of software - we know nothing about the attack tactics or the attack vectors. But we know that we have to protect ourselves against the unknown. Therefore, I am not so much concerned with the vulnerability in the Kaseya infrastructure per se, but rather with how we can successfully prevent the exploitation of all vulnerabilities and thus allow companies to be secure.

Through a simplified summary of the somewhat complex process I would like to show where DriveLock solutions could have helped to avoid the attacks.
For the following sections I refer to the Sophos News website.

REvil was able to deploy its dropper to all customers’ endpoints and run it locally, without testing, through the Kaseya agent. Certain directories on the endpoint are deliberately ignored by the Kaseya agent through exclusions. This opened the way for a malicious payload file, agent.crt, to be written to the VSA agent's working directory for updates. After deploying the payload, the Kaseya agent then executed the following Windows shell commands concatenated into a single string:

Continue Reading
3 min read

Are you Essential 8 Compliant yet?

By Eric Zheng on Jul 1, 2021 9:32:26 AM

Source: iStock

“There are only two types of companies: those that have been hacked, and those that will be."

Former FBI Director Robert Mueller

No one can escape the threat of a cyber attack. One vulnerability is all an attacker needs to gain unprecedented access to all of your organisation’s confidential files and information. Not only is your company’s data at risk, but also your clients’. So it is of paramount importance that your organisation strengthens its cyber security software and practices. But how confident are you in your company’s ability to counteract cyber attacks?

Continue Reading
3 min read

Textbook cyberattack on US pipeline operator

By Udo Riedel on May 25, 2021 1:10:44 PM

Source: iStock

Stay on the "bright side of life".

Recently, the attack by the "Darkside" hacker group on the pipeline operator Colonial in the USA has once again brought the topic of IT security into the spotlight. The attack was covered in mainstream news and caused panic buying as well as petrol shortages on the East Coast of the U.S., and even led to a state of emergency being declared in some U.S. states. This shows that attacks, specifically those targeting companies in the critical infrastructure field, can have enormous impacts on society.

Continue Reading
3 min read

2021.1 DriveLock release offers many improvements and enhancements

By DriveLock on May 4, 2021 2:46:24 PM

Our first release in 2021 introduces many new features and gives our customers and interested parties an outlook on where we are heading with DriveLock. Providing the best possible protection for your computers and devices has top priority - especially in the high-risk situation we are currently facing during the pandemic, marked by home office activity, rapidly expanding IT with partly inadequate IT security precautions and increased cyber activity.

Continue Reading
2 min read

DriveLock received Common Criteria EAL 3+ certification

By DriveLock on Apr 22, 2021 12:38:01 PM

Munich 07/04/2021 - DriveLock's Device Control and Application Control solutions received Common Criteria certification from the independent Swedish CSEC authority.

This EAL 3+ certification attests to the high trustworthiness of DriveLock Agent 2019.2. The Evaluation Assurance Level 3+, which is based on a specified set of configurations, not only confirms the high product quality - the DriveLock product was methodically tested and verified during the two year certification process. It also certifies the high quality of DriveLock's software development processes.

Continue Reading
6 min read

Microsoft Exchange hack - when the patch came, it was already too late

By Udo Riedel on Mar 24, 2021 3:25:02 PM

Source: iStock

Among a high-profile wave of cyberattacks in March 2021, tens of thousands of email servers worldwide fell victim to a vulnerability in Microsoft Exchange Server. Through a so-called zero-day exploit, the vulnerabilities were targeted by a previously unknown Chinese espionage group called "Hafnium". As a result, national authorities warned thousands of companies to quickly close the gap in their own Exchange servers, as Microsoft released patches to fix the vulnerabilities in Exchange servers shortly after.

In this paper, we will clarify the timeline: What happened? Could the attacks have been prevented?

Continue Reading
2 min read

Australian Businesses Under Attack - How To Protect Yourself

By Alma Pranoto on Jun 22, 2020 8:48:26 AM

On June 19, Australian Prime Minister Scott Morrison reported that businesses are targeted by a sophisticated, state-based cyber actor. In recent months, there has been a prominent increase in attacks targeting all levels of government, political organisations, the private sector, essential services, education, medical research and development. Other countries are also detecting a similar pattern. 

Continue Reading
4 min read

EDR - the Sherlock Holmes of cyber security

By Andreas Fuchs on Jun 2, 2020 11:00:00 AM

Source: iStock

On the trail towards EDR

In our last blog post "Silent hacker attacks and the need for detection mechanisms" we talked about covert cyber attacks and the need for detection tools. Now we would like to present a typical endpoint detection and response (EDR) solution with its building blocks.

Continue Reading
3 min read

Silent hacker attacks and the need for detection mechanisms

By Andreas Fuchs on May 26, 2020 2:00:00 AM

Again and again, we read about hacking incidents where attackers can spy on a company, an authority or a ministry and remain unnoticed for months without affecting the systems.

Continue Reading
4 min read

4 Essential Strategies for IT Security

By Alma Pranoto on May 19, 2020 1:00:00 AM

The Base Formula for Preventing Cyber Security Incidents 

Continue Reading
7 min read

Working from Home - 13 Tips for Increased IT Security

By DriveLock on Apr 2, 2020 2:47:13 PM

From one of our previous posts, "Coronavirus calls hackers to the scene", we are already informed about the basic precautions and protection measures we must take when working from the home office.

Continue Reading
1 min read

Stay Safe - Protection in your home office

By Vincent Ong on Mar 23, 2020 8:10:00 AM

As we brace ourselves to contain the spread of Covid-19 globally, it is of utmost importance for companies and enterprises to keep up their business momentum in the current challenging times. Increasingly, companies are encouraging employees to work from home to minimise physical contact. It is critical for endpoints to be well protected so that employees can continue to be productive while working from home. However, the situation also presents an opportunity for possible cyber security threats, malware attacks and social engineering to take place.

Continue Reading
1 min read

DriveLock - perfectly positioned for RSA 2020

By DriveLock on Mar 17, 2020 8:43:10 AM

With over 36,000 attendees, 700 speakers, and 650 exhibitors, the RSA conference in San Francisco was a successful and rewarding event. The conference was attended by both boutique and well-known IT security firms from around the world.

Continue Reading
3 min read

The Coronavirus gives hackers more freedom to infiltrate your network

By DriveLock on Mar 11, 2020 9:20:10 AM

Source: iStock

What you need to consider when it comes to IT security to keep your systems virus-free.

In recent weeks, the coronavirus has become the main topic for the global population, health authorities, politicians and organisations. For hackers, the panic and hysteria caused by the situation provide a perfect opportunity to successfully distribute malware. Therefore, the virus topic meets all the requirements for a successful cyberattack. 

People require up-to-date information regarding the virus. TV, radio, online guides and news, newsletters or emails are all sources of information that are accessed by the public. 

Continue Reading
3 min read

Modern Endpoint Security & EDR

By Alma Pranoto on Mar 6, 2020 12:58:37 AM

Prevention, Detection and Response - Do You Have Gaps In Your Security Architecture? 

The importance of endpoint security continues to be prevalent in today's threat landscape as 70% of all breaches are found to have originated from the endpoint. More than 42% of endpoints experience encryption failures, and 75% of organisations state their IT security teams are not able to respond to security incidents aptly and quickly. Therefore, endpoint security plays a very significant role in securing your systems and data. It can prevent data loss, stop the execution of malware opened by negligent employees and protect against malicious traffic.

Continue Reading
4 min read

3 Cybersecurity Trends For 2020

By Alma Pranoto on Feb 4, 2020 5:18:39 AM

The world of IT security is evolving in 2020, are we? 

Continue Reading
3 min read

IT security in 6 steps with Zero Trust

By Andreas Fuchs on Jan 24, 2020 3:35:53 PM

Source: iStock

The major strategic objective of cyber security in the digital age is to combat and contain privacy violations. A company's data is its most valuable asset that must be protected.

In the last blog post "What elements does a ZERO trust model consist of" we talked about the pillars of a Zero Trust architecture. In this article, we explain step by step how to implement Zero Trust in your company.

Continue Reading
2 min read

Risk Assessment with the SPE model

By Mohamad Ashokaibi on Dec 20, 2019 11:29:13 AM

Risk lies around every corner and should be expected at any time. In the world of IT, risk is inherently everywhere and comes in many shapes and forms. Consequently, the task of writing down all possible risks threatening an IT infrastructure can be daunting and never-ending.

Continue Reading
3 min read

What elements does a ZERO trust model consist of?

By Andreas Fuchs on Dec 3, 2019 5:11:01 PM

The major strategic goal of cyber security in the digital age is to combat and mitigate data breaches. A company's data is its most valuable asset to protect.

In the last blog post "This is how IT security works with Zero Trust today" we talked about what Zero Trust is and the rationale behind it.

Continue Reading
5 min read

This is how IT security works with Zero Trust today

By Andreas Fuchs on Nov 20, 2019 7:51:35 PM

Source: Cecile Arcurs | iStock

Why today's IT security architectures should be designed according to the ZERO TRUST model

Continue Reading
4 min read

Simple Passwords Weaken IT Security

By Alma Pranoto on Aug 20, 2019 8:09:00 PM

Continue Reading
2 min read

Is it really AI?

By Alfred Ortiz on Jul 30, 2019 3:40:00 PM

by Alfred Ortiz, CEO of CyberSoftwareDistributors LLC and Doctoral Candidate in Information Systems at IE University in Madrid, Spain.

Continue Reading
4 min read

Zero Trust - The Blueprint To Safeguard Your Digital Business

By Alma Pranoto on Jul 2, 2019 9:18:49 AM

Continue Reading
2 min read

Why Small Businesses Need a Managed Security Service

By Alma Pranoto on Apr 26, 2019 11:16:43 AM

Continue Reading
3 min read

3 Benefits of a Managed Security Service

By Alma Pranoto on Mar 31, 2019 6:37:06 AM

Continue Reading
3 min read

Extortion becomes the new normal for Cybercrime

By Andreas Fuchs on Jan 25, 2019 8:58:00 AM

In 2017, WannaCry Ransomware spread to 100 countries over a weekend. Don't expect patching to stop the business model of digital blackmail. Be prepared!

Continue Reading
3 min read

Avoid Cyber Risks In An IIoT World

By Alma Pranoto on Dec 21, 2018 12:26:47 AM

Continue Reading
3 min read

Rolling Out Microsoft BitLocker Without Headaches

By Alma Pranoto on Dec 7, 2018 12:30:00 AM

Continue Reading
4 min read

Enforcing The Human Firewall

By Alma Pranoto on Nov 26, 2018 10:30:00 PM

Continue Reading
4 min read

How To Make Endpoint Security Easy And Effective

By Alma Pranoto on Nov 21, 2018 10:30:00 PM

Continue Reading
4 min read

3 Data Encryption Facts Your Business Is Missing!

By Alma Pranoto on Oct 24, 2018 3:02:45 AM

Picture by LaymanZoom | iStock

1. THE SHOCKING STATISTICS OF DATA BREACH

According to the IBM 2018 Cost of a Data Breach Study, it costs $3.86 million US to cover an average data breach. This cost will increase by 6.4% per year and the likelihood of a recurring breach over the next two years is 27.9%.

Continue Reading
24 min read

Don’t avoid FDE adoption anymore!

By Mohamad Ashokaibi on Sep 24, 2018 9:12:00 AM


Picture by anyaberkut | iStock

Continue Reading
13 min read

Time to stop USB drive horror stories!

By Mohamad Ashokaibi on Jul 1, 2018 5:51:59 PM


Picture by Antonio Guillem

  • CFO: “I've lost my USB thumb drive. Lots of important spreadsheets were there! Do something please!”

  • Project Manager: “I’ve just used my USB external drive on a contractor’s laptop who said he never had an AV. Can I use it safely on the company’s laptop again?”

  • Sales Lady: “Remember the USB drive the company has given me? Seems I dropped it in that taxi yesterday while on my way home. Could I ever know what I backed up on it before leaving the office?”

  • Engineering Team Lead: “Since my colleague checked her SD card on my PC this morning I don’t seem to be able to open my project documents anymore. They all are unreadable. What could it be?”

  • Risk Management Head: “We have a new requirement; all USB storage devices must be blocked inside our corporate network, except company-provided sticks which must be encrypted before use. Can we do that?”

Continue Reading
23 min read

And still nothing much done to educate our end-users!

By Mohamad Ashokaibi on Jul 1, 2018 5:39:05 PM

Picture by nd3000 | iStock

Continue Reading