<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>hacking Archives - Threat Potential</title>
	<atom:link href="https://threatpotential.com/category/hacking/feed/" rel="self" type="application/rss+xml" />
	<link>https://threatpotential.com/category/hacking/</link>
	<description></description>
	<lastBuildDate>Wed, 21 Dec 2022 21:15:53 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9</generator>
	<item>
		<title>Ransomware &#8211; Why You Need Offline Backups</title>
		<link>https://threatpotential.com/ransomware-why-you-need-offline-backups/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=ransomware-why-you-need-offline-backups</link>
		
		<dc:creator><![CDATA[threatpotential]]></dc:creator>
		<pubDate>Thu, 29 Dec 2022 21:11:51 +0000</pubDate>
				<category><![CDATA[awareness]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[ransomware]]></category>
		<guid isPermaLink="false">https://threatpotential.com/?p=3616</guid>

					<description><![CDATA[<p>At Threat Potential, we see firsthand the devastating effects of ransomware attacks on businesses and individuals. Ransomware is a type of malware that encrypts a victim&#8217;s files, demanding a ransom from the victim to restore access to the data. Unfortunately, paying the ransom does not guarantee that the victim will regain access to their data....</p>
<p>The post <a href="https://threatpotential.com/ransomware-why-you-need-offline-backups/">Ransomware &#8211; Why You Need Offline Backups</a> appeared first on <a href="https://threatpotential.com">Threat Potential</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>At Threat Potential, we see firsthand the devastating effects of ransomware attacks on businesses and individuals. Ransomware is a type of malware that encrypts a victim&#8217;s files, demanding a ransom from the victim to restore access to the data. Unfortunately, paying the ransom does not guarantee that the victim will regain access to their data.</p>



<p>Imagine your business or personal files being locked away and held for ransom. The sense of panic and desperation that sets in is unimaginable. This is why it&#8217;s crucial to have an offline backup plan in place.</p>



<p>Think of an offline backup as an insurance policy for your data. Just like you have insurance for your home or car, you should have a backup plan in case of a digital disaster. Offline backups allow you to store copies of your data on a separate device that is not connected to the internet, making it immune to ransomware attacks.</p>



<p>But why is it so important to have an offline backup specifically? Online backups, while convenient, can also be vulnerable to ransomware attacks. If an attacker gains access to your online backup account, they can encrypt those files as well. With an offline backup, your data is safe and secure, even if an attacker gains access to your online accounts.</p>



<p>So, how do you create an offline backup plan? There are several options available, including external hard drives, USB drives, and even physical copies on CD or DVD. It&#8217;s important to regularly update your offline backups, as well as store them in a secure location, such as a safe deposit box or fireproof safe.</p>



<p>Don&#8217;t wait until it&#8217;s too late to implement an offline backup plan. Protect your business and personal data from the devastating effects of ransomware attacks. Take the necessary precautions and invest in an offline backup solution today. It&#8217;s better to be safe than sorry in the digital world.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Tips To Improve Employee Security Awareness</title>
		<link>https://threatpotential.com/tips-to-improve-employee-security-awareness/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=tips-to-improve-employee-security-awareness</link>
		
		<dc:creator><![CDATA[threatpotential]]></dc:creator>
		<pubDate>Wed, 21 Dec 2022 20:23:46 +0000</pubDate>
				<category><![CDATA[awareness]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[phishing]]></category>
		<guid isPermaLink="false">https://threatpotential.com/?p=3592</guid>

					<description><![CDATA[<p>At Threat Potential, we understand the importance of employee security awareness in protecting against cyberattacks. With the increasing number of phishing scams and malware attacks, it&#8217;s crucial for employees to be knowledgeable about online security best practices. Just as you would wear a helmet to protect your head from physical threats, employees need to be...</p>
<p>The post <a href="https://threatpotential.com/tips-to-improve-employee-security-awareness/">Tips To Improve Employee Security Awareness</a> appeared first on <a href="https://threatpotential.com">Threat Potential</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>At Threat Potential, we understand the importance of employee security awareness in protecting against cyberattacks. With the increasing number of phishing scams and malware attacks, it&#8217;s crucial for employees to be knowledgeable about online security best practices.</p>



<p>Just as you would wear a helmet to protect your head from physical threats, employees need to be aware of potential cyber threats to protect their company&#8217;s data and assets.</p>



<p>So, how can you improve employee security awareness? Here are a few tips:</p>



<ol class="wp-block-list" type="1">
<li>Conduct regular training sessions on online security best practices. This can include information on phishing scams, strong password creation, and how to identify and report potential threats.</li>



<li>Implement two-factor authentication for all online accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to a phone, before logging in.</li>



<li>Create a security awareness policy and make it easily accessible to all employees. This should outline expected behaviors and protocols for handling potential threats.</li>



<li>Regularly remind employees of the importance of security awareness. This can be through email reminders or in-person reminders during meetings.</li>



<li>Encourage employees to report any suspicious activity or potential threats. A company-wide reporting system can help identify and address potential threats before they become a bigger issue.</li>
</ol>



<p>Improving employee security awareness is a continuous process, and it&#8217;s important to regularly review and update policies and training as needed. Don&#8217;t let your company&#8217;s data and assets fall victim to a cyberattack – invest in employee security awareness today.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Dangers of Password Spraying Attacks</title>
		<link>https://threatpotential.com/dangers-of-password-spraying-attacks/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=dangers-of-password-spraying-attacks</link>
		
		<dc:creator><![CDATA[threatpotential]]></dc:creator>
		<pubDate>Sat, 08 Oct 2022 16:02:19 +0000</pubDate>
				<category><![CDATA[hacking]]></category>
		<category><![CDATA[password attacks]]></category>
		<guid isPermaLink="false">https://threatpotential.com/?p=3443</guid>

					<description><![CDATA[<p>What are password spraying attacks? Traditional password attacks focus on a single account with multiple password guesses. However, password spraying attacks turn this on its head by attempting a small set of passwords against a large number of accounts. This tactic seeks to avoid detection and lockouts, while remaining effective by using common or weak...</p>
<p>The post <a href="https://threatpotential.com/dangers-of-password-spraying-attacks/">The Dangers of Password Spraying Attacks</a> appeared first on <a href="https://threatpotential.com">Threat Potential</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<h3 class="wp-block-heading">What are password spraying attacks?</h3>



<p>Traditional password attacks focus on a single account with multiple password guesses. However, password spraying attacks turn this on its head by attempting a small set of passwords against a large number of accounts. This tactic seeks to avoid detection and lockouts, while remaining effective by using common or weak passwords. These attacks are favorable in organizations with large user bases but can go on for long periods of time.</p>



<h3 class="wp-block-heading">How do they work?</h3>



<p>Below we’ll show a typical password spraying attack, but
keep in mind different scenarios call for different methods.</p>



<ul class="wp-block-list"><li><strong>Identify login portals</strong> – During a penetration test it’s trivial to find login portals, but for a malicious actor it may take a little digging. Hackers use various intelligence techniques such as search engine discovery or simply navigating your website. Adversaries commonly attempt these attacks on ADFS/O365 applications since they go against internal credentials and the configurations are widely publicized. As an example, if you want to check whether an organization uses O365, it couldn’t be easier. Simply use the following URL and replace user@domain with that of your choosing: <a href="https://login.microsoftonline.com/getuserrealm.srf?login=user@domain.com&amp;xml=1">https://login.microsoftonline.com/getuserrealm.srf?login=user@domain.com&amp;xml=1</a>. If the “NameSpaceType” returns “Managed” then O365 is in use, if it’s “Federated” then it uses ADFS, and if “Unknown” then it doesn’t exist.</li></ul>



<figure class="wp-block-image size-large"><img decoding="async" src="https://threatpotential.com/wp-content/uploads/2020/02/o365.png" alt="Check if O365 is in use" class="wp-image-3439"/></figure>



<ul class="wp-block-list"><li><strong>Generate potential usernames</strong> – Discovering employees of a company is usually a Google or LinkedIn search away. Organizations are proud of their employees and are not trying to hide this information. However, username format can vary from organization to organization. This is where a little research can go a long way toward the success or failure of password spraying attacks. There are multiple avenues for reconnaissance, such as utilizing search engines, navigating the company website, reviewing metadata in documents, and many more, but you get the idea. Another important note is that there are ways of determining a valid/non-valid user by response times in services such as O365, which unfortunately they fail to consider a vulnerability.</li><li><strong>Generate potential passwords</strong> – You would think that this would be difficult but it’s probably the easiest part. Almost all organizations fall victim to users that have a “relaxed” stance on password security. In other words, human nature suggests that they pick something easy for them to remember and to type. These passwords include things like “Spring2020” or “Password123!” or “&lt;CompanyName&gt;1”. Publicly disclosed breach data is also a wealth of password knowledge.</li><li><strong>Conduct password spray</strong> – Now it&#8217;s time to try all the combinations! There are multiple toolsets to choose from but an application testing tool such as Burp Suite works well. What these tools will do is automatically try multiple combinations as set forth by the attacker and return information back letting them know if the credential works or not.</li></ul>



<h3 class="wp-block-heading">Why are they so successful?</h3>



<p>Password spraying attacks go up against the likelihood that users fail to choose strong passwords and a company’s reluctance to use multi-factor authentication. Additionally, this style of attack avoids many deterrents such as account lockouts, blacklisting, and alerting.</p>



<h3 class="wp-block-heading">What can you do about it?</h3>



<p>The good news is that you can help reduce your risk to this
attack vector relatively easily.</p>



<ul class="wp-block-list"><li>Utilize <a href="https://threatpotential.com/mfa-and-your-small-business/">multi-factor authentication</a>.</li><li>Reduce external-facing login portals by forcing users through a VPN first.</li><li>Reduce the lockout threshold for login failures.</li><li>Enforce a strong password policy by requiring lengthy, complex, and unique passwords. Additionally, implement a password blacklist to avoid common and easily guessed passwords.</li><li>Utilize security awareness training and password audits.</li><li>Configure SIEM alerts to pick up login behavior anomalies and audit logs regularly.</li></ul>


]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How Attackers Find You</title>
		<link>https://threatpotential.com/how-attackers-find-you/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=how-attackers-find-you</link>
		
		<dc:creator><![CDATA[threatpotential]]></dc:creator>
		<pubDate>Mon, 03 Oct 2022 14:17:00 +0000</pubDate>
				<category><![CDATA[hacking]]></category>
		<category><![CDATA[threats]]></category>
		<guid isPermaLink="false">https://threatpotential.com/?p=3465</guid>

					<description><![CDATA[<p>While creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves “Why us?”. It’s a valid question and one that organizations should ask before an incident occurs to better prepare themselves. There are a multitude of reasons why...</p>
<p>The post <a href="https://threatpotential.com/how-attackers-find-you/">How Attackers Find You</a> appeared first on <a href="https://threatpotential.com">Threat Potential</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>While creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves “Why us?”. It’s a valid question and one that organizations should ask before an incident occurs to better prepare themselves. There are a multitude of reasons why an attacker chose your organization and below I’ve captured some of the more common reasons.</p>



<h4 class="wp-block-heading">Opportunity</h4>



<p>These attacks are typically based on a unique opportunity that makes your organization an easier target than others. Usually these items are within an organization’s circle of influence, and it can take steps to reduce them.</p>



<ul class="wp-block-list"><li><strong>Technology stack</strong><ul><li>Attackers use tools such as search engines (Google, Shodan.io) and job boards to map the use of specific technologies that have experienced recent vulnerability disclosures or are frequently misconfigured. This also provides attackers an opportunity to try weak or default credentials to gain additional access.</li></ul></li><li><strong>Public information disclosures</strong><ul><li>Credential disclosures are commonly shared on the internet and within hacker communities. Employees often reuse their work passwords on outside services that experience a breach, which makes for easy credential stuffing attacks. Services such as haveibeenpwned.com allow organizations to effortlessly discover when a credential containing their domain has been disclosed.</li></ul></li><li><strong>Phishing</strong><ul><li>Many phishing campaigns permute domains taken from lists or crawled from the internet in some fashion. If an employee falls victim to a phishing attack, the attackers take advantage of this newly gained access; if not, they continue on to the next potential target.</li></ul></li></ul>



<h4 class="wp-block-heading">Targeted</h4>



<p>These attacks are directed at the organization itself and often include detailed research and reconnaissance. Traditionally attackers will utilize opportunistic attacks for quick access but dive much deeper.</p>



<ul class="wp-block-list"><li><strong>Industry Type</strong><ul><li>Often the type of industry that the organization is a part of will draw specific attention, such as financial institutions, government entities, and industrial companies. The attacker is looking for a specific asset that the entity possesses, or perhaps there’s a controversial issue that spawns hacktivism.</li></ul></li><li><strong>Target by proxy</strong><ul><li>Some organizations that experienced a breach learn that they were simply a stepping stone to leverage a relationship to attack their partner, supplier, or customer.</li></ul></li><li><strong>Insider Threat</strong><ul><li>While not historically thought of as a way of targeting an organization, insider threats such as disgruntled employees or fraud are commonplace and need to be accounted for.</li></ul></li></ul>



<p>Each organization should be having a conversation on why and
how they may be targeted in the future. In many cases, a quick and easy change
could have prevented a drastic and costly security incident.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How Often to Test</title>
		<link>https://threatpotential.com/how-often-to-test/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=how-often-to-test</link>
		
		<dc:creator><![CDATA[threatpotential]]></dc:creator>
		<pubDate>Sun, 14 Aug 2022 14:45:00 +0000</pubDate>
				<category><![CDATA[hacking]]></category>
		<category><![CDATA[penetration testing]]></category>
		<guid isPermaLink="false">https://threatpotential.com/?p=3470</guid>

					<description><![CDATA[<p>In today’s world, massive data breaches and sophisticated malware litter news headlines. So much so that it feels as though it’s more a matter of when your organization will fall victim rather than if. Still, many organizations choose to only meet baseline compliance requirements and seldom perform penetration testing. Sometimes just being “good” isn’t “good enough”. Not conducting...</p>
<p>The post <a href="https://threatpotential.com/how-often-to-test/">How Often to Test</a> appeared first on <a href="https://threatpotential.com">Threat Potential</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>In today’s world, massive data breaches and sophisticated malware litter news headlines. So much so that it feels as though it’s more a matter of when your organization will fall victim rather than if. Still, many organizations choose to only meet baseline compliance requirements and seldom perform penetration testing. Sometimes just being “good” isn’t “good enough”. Not conducting preemptive security assessments is a recipe for disaster, but how often is enough?</p>



<p>Most authorities will say that you should test before placing a system or software into production and after any major change. We all agree those are key milestones that should trigger security testing in any IT risk management program, but there’s more to it than that. It’s less about how often you should test and more about a continuous conversation about the ever-changing attacker landscape, your organization’s risk appetite, and general forward thinking.</p>



<h4 class="wp-block-heading"><strong>Attacker Landscape</strong> </h4>



<p>You understand what’s valuable in your organization; unfortunately, attackers do too. Attackers can range from rogue employees to criminal empires, so understanding the threats against you is a critical component of your testing regimen and pace. Researching current security trends and the associated threat actors’ behavior can give you a clue as to the depth and frequency of testing required.</p>



<h4 class="wp-block-heading"><strong>Risk Appetite</strong></h4>



<p>As the saying goes, “just enough security is the right amount of security”. It doesn’t make good business sense to spend more on a security control than what you are securing. Strive to put controls in places that give you the most bang for your buck. Keep in mind that risk in general can never be completely eliminated but you can take measures to drastically reduce the impact or likelihood of an attack. Taking a defense in depth approach to protect your most valuable assets is a great starting point and a best practice.</p>



<h4 class="wp-block-heading"><strong>Forward Thinking</strong></h4>



<p>Key business endeavors can often create new attack vectors and invite threat actors you didn’t anticipate. Does your organization plan to acquire another business or move into a new industry, or is it on the verge of an R&amp;D breakthrough? Knowing where your organization is headed can better prepare you by creating a solid foundation for your security program.</p>



<p>Regrettably, risk management isn’t a set-it-and-forget-it activity, and testing cadence is the culmination of many decisions. Continuous conversation and review may be what keeps your organization’s brand out of the notorious section of the news tomorrow.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Coronavirus on Cyber Attacks</title>
		<link>https://threatpotential.com/coronavirus-on-cyber-attacks/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=coronavirus-on-cyber-attacks</link>
		
		<dc:creator><![CDATA[threatpotential]]></dc:creator>
		<pubDate>Fri, 10 Jun 2022 20:10:07 +0000</pubDate>
				<category><![CDATA[hacking]]></category>
		<category><![CDATA[password attacks]]></category>
		<guid isPermaLink="false">https://threatpotential.com/?p=3453</guid>

					<description><![CDATA[<p>Our sources have noted a severe uptick in cyber attacks with the outbreak of Coronavirus. This means that businesses and users should be extra diligent during these times not only in the real world for their personal health but on the Internet as well. Based on what we’re seeing there are a few items of...</p>
<p>The post <a href="https://threatpotential.com/coronavirus-on-cyber-attacks/">Coronavirus on Cyber Attacks</a> appeared first on <a href="https://threatpotential.com">Threat Potential</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Our sources have noted a severe uptick in cyber attacks with the outbreak of Coronavirus. This means that businesses and users should be extra diligent during these times not only in the real world for their personal health but on the Internet as well. Based on what we’re seeing there are a few items of note.</p>



<h4 class="wp-block-heading">Security teams working remotely</h4>



<p>First, most non-outsourced SOCs (Security Operations Centers) are strictly an onsite job. A lot of the tools, networks, and security procedures are built in such a way that this is a requirement. However, with the Coronavirus outbreak many organizations are choosing to have all their employees work from home. This has caused a disruption in security monitoring and response while teams scramble to set up a remote work operation.</p>



<h4 class="wp-block-heading">Normal resources are restricted</h4>



<p>Secondly, many agencies are only coming out for violent or life-threatening calls. With the surge in healthcare attention and resources, malicious actors feel their actions will get lost in the fray. </p>



<h4 class="wp-block-heading">More Internet usage</h4>



<p>With social distancing and quarantine, people are online more than ever before. This creates additional opportunities for contact with attackers and they are taking full advantage. Boredom traditionally feeds exploration or curiosity and many users find themselves opening emails or navigating to parts of the web they don’t traditionally visit.</p>



<h4 class="wp-block-heading">Coronavirus stimulus checks</h4>



<p>Lastly, the Coronavirus stimulus checks have created a massive fraud target pool for attackers. The FTC has already released information to help <a href="https://www.consumer.ftc.gov/blog/2020/03/checks-government">fight against frauds</a> and they haven’t even cut the first check yet. We fully expect to see massive amounts of successful fraud attempts from this stimulus check campaign.</p>



<h4 class="wp-block-heading">Ways to help</h4>



<p>The important message is to ensure you are keeping your assets and your information as secure as possible from cyber attacks. We’re starting a new Dark Web Assessment to help those who are serious about their informational footprint online. We scour the dark web, private hacker forums, and public breach disclosures for your private information. We’ll show you what they have, where they got it, and how to best protect yourself going forward. So give us a call <a href="https://threatpotential.com/contact-us/">(888) 531-3011</a> today!</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
