4 min read

Cyber Hygiene Practices: Tips and Checklist

By DriveLock on Mar 28, 2022 11:00:00 AM

Cyber hygiene is a set of simple security principles that every organisation should know and implement to keep all sensitive data under control and protect it from theft or attack.

5 min read

Security Awareness Programs: IT Security Starts with the Users

By DriveLock on Mar 2, 2022 10:00:00 AM


What Distinguishes Sustainable Security Awareness Campaigns

4 min read

DriveLock support to achieve mandated CMMC and NIST certifications

By DriveLock on Jan 31, 2022 5:00:00 PM

DriveLock helps US Defense suppliers to fulfill standards mandated by the Federal Government

U.S. companies seeking contracts from the U.S. Department of Defense (DoD) and other federal agencies are required to demonstrate strict IT security controls. The DoD imposes strict requirements on the data shared between it and contractors and their subcontractors. To protect this data from cyberattacks, the DoD has developed a comprehensive framework against which contractors must demonstrate certified compliance. DriveLock’s modular cybersecurity platform enables manufacturing companies to meet the mandated NIST and new CMMC 2.0 requirements.

3 min read

Log4j Zero-Day Exploit: Vulnerability Scanner Shows a Need for Attention

By Martin Mangold on Jan 13, 2022 2:33:08 PM

Log4j has been the talk of the town for several weeks now. We have already commented on this in a detailed blog post about Log4j and Log4Shell.

5 min read

Log4j Hack – the Patch Came Too Late

By Udo Riedel on Dec 20, 2021 1:50:45 PM

"In a sensational wave of attacks, tens of thousands of servers worldwide fell victim to cyberattacks in December 2021 due to a security vulnerability in Log4j. The vulnerabilities had been utilised in the so-called zero-day exploit by a previously unknown espionage group..."

2 min read

PUR-S 2022: DriveLock Stays as the Endpoint Protection Champion

By DriveLock on Dec 17, 2021 9:00:00 AM

Another Top Result from the User Survey Among IT Security Experts

DriveLock has been voted one of the Champions in Endpoint Protection in the "Professional User Rating - Security Solutions (PUR-S)" survey conducted by analyst firm techconsult for two consecutive years.

1 min read

DriveLock Products Not Affected by Log4j Vulnerability

By DriveLock on Dec 13, 2021 3:35:07 PM


National information security authorities are warning:
A critical vulnerability, also known as Log4Shell, LogJam or CVE-2021-44228, has been detected in the Java Log4j library.

2 min read

Release 2021.2 – DriveLock Operations Center is the Central Console for Everything

By DriveLock on Dec 1, 2021 9:00:00 AM

The second major release of this year is notable not only for extensive improvements but also for the unification of management and configuration functions under one interface: the web-based "DriveLock Operations Center" (DOC). The DOC is the central interface for overviews, dashboards and report generation. It has been revised and is now the central platform for all daily management tasks of the DriveLock solution.

5 min read

Could Kaseya VSA supply chain ransomware attack have been prevented?

By DriveLock on Jul 12, 2021 2:20:18 PM

The background is that, despite the existence of the Kaseya vulnerability, a decent endpoint security solution could have provided a better outcome: in the worst case, the malware could have been installed, but the security solution would have prevented its execution, and thus also the encryption of the endpoints.

The media recently reported that a hacker attack via IT service provider Kaseya affects thousands of companies.

zdnet.com reported: “attackers managed to compromise the vendor's software to push a malicious update to thousands of customers. (…) an estimated 1,000 companies have had servers and workstations encrypted. The vendor added that it is reasonable to suggest "thousands of small businesses" may have been impacted. (…) The cyberattack has been attributed to the REvil/Sodinokibi ransomware group who have ties to Russia, which has claimed responsibility on its Dark Web leak site, "Happy Blog."”

This shows that the attack hit companies of all sizes, as well as across multiple verticals. So, irrespective of the budget or vertical, everyone is vulnerable.

At the time of a zero-day attack, i.e. a targeted exploitation of a known or unknown vulnerability in a piece of software, we know nothing about the attack tactics or the attack vectors. But we know that we have to protect ourselves against the unknown. Therefore, I am not so much concerned with the vulnerability in the Kaseya infrastructure per se, but rather with how we can successfully prevent the exploitation of all vulnerabilities and thus allow companies to be secure.

Through a simplified summary of the somewhat complex process, I would like to show where DriveLock solutions could have helped to avoid the attacks. For the following sections I refer to the Sophos News website.

REvil was able to deploy and run its dropper locally to all customers’ endpoints without testing through the Kaseya agent. Certain directories on the endpoint are deliberately ignored by the Kaseya agent through exclusions. This opened the way for a malicious payload, the file agent.crt, to be written to the VSA agent's working directory for updates. After deploying the payload, the Kaseya agent then executed the following Windows shell commands concatenated into a single string:

3 min read

Textbook cyberattack on US pipeline operator

By Udo Riedel on May 25, 2021 1:10:44 PM

Stay on the "bright side of life".

Recently, the attack by the "Darkside" hacker group on the pipeline operator Colonial in the USA has once again brought the topic of IT security into the spotlight. The attack was covered in mainstream news and caused panic buying as well as petrol shortages on the East Coast of the U.S., and even led to a state of emergency being declared in some U.S. states. This shows that attacks, specifically those targeting companies in the critical infrastructure field, can have enormous impacts on society.
