Security Snacks (Oct-16-18)

Adaptiva presents Security Snacks

Weekly summaries of cybersecurity news for IT Windows endpoint management professionals.

2018 State of Security Statistics

Bite

Cyberattackers are voracious innovators, so you should keep up on trends with a roundup of cybersecurity statistics from the past year.

Snack

With so many security statistics from so many sources, wouldn’t it be nice to have them all gathered in one place? CSO Online did it, and here are a few highlights:

  • 90 percent of all remote code execution attacks were associated with cryptomining.
  • 92 percent of malware is still delivered by email.
  • 56 percent said that targeted phishing attacks were the top security threat they faced.
  • Fileless malware is on the rise, accounting for 77 percent of compromised attacks.
  • The biggest cost of ransomware isn’t the ransom! 55% is from system downtime and productivity loss.
  • 54 percent of companies sampled experienced an industrial control system security incident within the past twelve months. Yikes!

Meal

Not enough stats for you? Read CSO Online’s article Top cybersecurity facts, figures and statistics for 2018.

“Perfect” Antivirus from Three Different Vendors

Bite

While no antivirus software is perfect, solutions from Bitdefender, Kaspersky, and Microsoft earned perfect scores from AV-TEST.

Snack

Three antivirus (aka antimalware) vendors earned perfect scores across the board from AV-TEST. Based in Germany, AV-TEST is a respected, independent research institute for IT security that has been around for 15 years.

The three vendors (and five editions) that earned a perfect score for protection, performance, and usability are:

  • Bitdefender Endpoint Security 6.6
  • Bitdefender Endpoint Security Elite 6.6
  • Kaspersky Small Office Security 6
  • Kaspersky Endpoint Security 11.0
  • Microsoft Windows Defender Antivirus 4.12 & 4.18

Meal

For full details, and more, check out AV-TEST’s latest round of testing.

Factoring Cyberthreats Into Company Value

Bite

Techies have been guesstimating cybersecurity risks forever, but businesses are only starting to measure these risks as part of an organization’s financial bottom line.

Snack

Enterprise Risk Management (ERM) is how businesses calculate risk by multiplying the potential impact of an event by the chances it will happen. Disclaimer: that was an oversimplification; read the link below for more.

The broader point is, how in the heck can anybody factor the business impact of future cybersecurity risks into ERM? They are trying to do this with frameworks, equations, models, scorecards, AI, machine learning, etc. Put another way, they are building some really amazing Excel spreadsheets. Still, nobody has really nailed it.

This quote sums it up: “Even the really big insurance players right now aren’t widely promoting cyber insurance policies,” says Nathan Wenzler, chief security strategist at AsTech. “They exist, and they’re becoming more of a thing, but there’s no static actuarial data that’s consistent across the board.”

Meal

For more detail, read What is enterprise risk management? How to put cybersecurity threats into a business context.

US Weapons Systems Fail Cybersecurity Audit

Bite

Don’t be too proud to question cybersecurity basics like “change admin passwords from default” because the US DoD just failed an audit for that and other major oversights.

Snack

The Bad News
The U.S. Department of Defense (DoD) failed a weapon systems cybersecurity audit. The Government Accountability Office (GAO) reported, “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications.”

The Good News
The audit succeeded in its main purpose: to focus increased attention on cybersecurity in new systems before they are built. Plus, IT pros can take it as a reminder to go check their passwords and other security basics.

Meal

Read Wired’s article, US Weapons Systems are Easy Cyberattack Targets, New Report Finds.

Hunting Down and Killing PowerShell Malware

Bite

PowerShell malware is extra hard to notice, find, and remove, so it may help to see how this cybersleuth and his team did it.

Snack

  • PowerShell cryptomining malware blew its cover by slowing host machines.
  • Killing it just caused respawns a couple hours later.
  • Finding it was hard because no modified system files, hidden folders, etc.
  • Had to turn on PowerShell logging and dig deeper.
  • Finally removed from the WMI database.
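
An added example, not from the TechTarget article or from Adaptiva: a read-only PowerShell triage script for the steps summarized above. It assumes the malware persists through WMI permanent event subscriptions in root\subscription, which the summary does not specify, and the 'powershell|-enc' match pattern is an illustrative choice.

```powershell
# Added example: read-only triage. Run elevated in Windows PowerShell on the host.

# 1. Is script block logging enabled by policy? It records executed script
#    text as event ID 4104 in the PowerShell operational log.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$pol = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($pol -and $pol.EnableScriptBlockLogging -eq 1) {
    Write-Output 'Script block logging: enabled'
} else {
    Write-Output 'Script block logging: not enabled by policy'
}

# 2. Most recent logged script blocks (empty until logging has been on a while).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'ScriptBlockText'; e = { $_.Properties[2].Value } } |
    Format-List

# 3. Assumption: persistence is a WMI permanent event subscription. These are
#    stored in the WMI repository, not as files, which fits "no modified files".
$ns        = 'root\subscription'
$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer) +
             @(Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer)

foreach ($c in $consumers) {
    # What the consumer runs: a command line or an embedded script.
    $payload = "$($c.CommandLineTemplate) $($c.ExecutablePath) $($c.ScriptText)"
    # Which filter (WQL trigger) is bound to this consumer, if any.
    $bound = $bindings | Where-Object { $_.Consumer.Name -eq $c.Name }
    $query = $filters | Where-Object { $bound.Filter.Name -contains $_.Name }
    [pscustomobject]@{
        Consumer = $c.Name
        Class    = $c.CimClass.CimClassName
        Trigger  = ($query.Query -join '; ')
        Payload  = $payload.Trim()
        # Illustrative pattern only; review every entry, flagged or not.
        Flagged  = $payload -match 'powershell|-enc'
    }
}
```

Once an entry is confirmed malicious, the matching filter, consumer and binding objects can each be deleted with Remove-CimInstance.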

Meal

Read TechTarget’s article, Tips to track down and neutralize PowerShell malware.

Patch Alert: Adobe Fixes Critical Flaws in Reader and Other Apps

Bite

Adobe has patched both critical and important bugs in Reader for Windows and Mac OS as well as other apps, so patch them already!

Snack

Adobe has patched bugs in a variety of applications. Since Reader is the most ubiquitously deployed, I’ll show you a few of the vulnerabilities patched there to give you a sense of it.

Vulnerability Category | Vulnerability Impact     | Severity
Out-of-bounds write    | Arbitrary Code Execution | Critical
Stack Overflow         | Information Disclosure   | Important
Security Bypass        | Privilege Escalation     | Critical
…Many more

While that example is from Reader, many Adobe apps are impacted by different vulnerabilities. Either patch everything Adobe, or dig deeper to see if your apps are affected.

Meal

It’s really several security bulletins from Adobe, which you can find linked in this Security Boulevard article, Adobe patches critical flaws in many of its software offerings.

The Cybersecurity Professionals Shortage Is Worse Than We Thought … and We Thought It Was Bad!

Bite

If you are thinking about a career change, note that some experts are predicting a shortfall of two million cybersecurity jobs by next year.

Snack

The article basically says:

  • National security is at risk because there are not enough cybersecurity pros
  • Cybersecurity is a ridiculously hot career (which makes the world safer)
  • Adults should encourage children to get interested in a cybersecurity career
  • If you want to switch careers, there are lots of ways to get trained, get experience, and get credentialed

The article didn’t mention salary. Obviously, with this many openings it’s a decent option.

Meal

For more, read Help Net Security’s article, Serious lack of infosec professionals a key risk to national security.

The Most Popular Publicly Available Hacker Tools

Bite

Make sure you are following guidance from US-CERT on how to identify and prevent attacks using the five most common hacker tools of 2018.

Snack

Here are the five:

  • JBiFrost is a Remote Access Trojan (RAT) which grants remote administrative control.
  • China Chopper is a Webshell which can grant remote access.
  • Mimikatz is a Credential Stealer which can pull passwords from memory, and more.
  • PowerShell Empire is a Lateral Movement Framework which spreads malware to different systems around a network.
  • HUC Packet Transmitter is a C2 Obfuscation and Exfiltration tool, so basically it hides the IP address / identity of an attacker.

Meal

For details, read US-CERT’s Publicly Available Tools Seen in Cyber Incidents Worldwide.

Bill Bernat
Director of Product and Content Marketing, Adaptiva
