Blog Post Archives

ICBA Live 2023: Honolulu, HI

February 15, 2023/in Blog Post/by Ellen Loughlin

Dates: March 12-16, 2023
Location: Hilton Hawaiian Village Waikiki Beach Resort – Honolulu, HI
Booth #: 932 (Main Street Foyer next to ThinkTECH)

Join Mark Sangster, Vice President, Chief of Strategy at Adlumin, during his speaking session at ICBA Live 2023 and converse with us at Adlumin’s booth #932, located at the Main Street Foyer next to ThinkTech.

During his speaking session, Sangster will debunk the cyber misconceptions that plague most businesses. You’ll learn how to frame conversations to report on risks rather than threats, define objectives and priorities, allocate resources, and report that demonstrates, not action.

Cybersecurity is not an IT problem to solve, it’s a business risk to manage.

Speaking Session: The Cyber Rosetta Stone: Translating the Ones and Zeroes of Threats to the Dollars and Cents of Risk

Speaker: Mark Sangster, Vice President, Chief of Strategy at Adlumin
Session Date: Tuesday, March 14, 2023
Session Time: 7:00 AM – 7:50 AM HST

For complete event information, visit our ICBA Live event page.

Questions? Contact: marketingevents@adlumin.com

Three Critical Elements for the Perfect Security Operations Mix

February 9, 2023/in Blog Post/by Adlumin Staff

Investing in a Security Operations Platform plus Managed Detection and Response (MDR) Services enables access to talented, around-the-clock cybersecurity experts, scalability, lower ongoing costs, and shared threat intelligence. This final white paper in our 3-part series details the first steps to building the foundation of your Security Operations Platform and outlines three critical elements to incorporate into your cybersecurity strategy.

According to Gartner, data breaches broke records in 2021, so 88% of executives consider cybersecurity a top threat to their operations rather than a technical IT problem. Organizations must invest in solutions that proactively and continuously protect against threats while offering automated solutions to mitigate the risk of an attack. Technologies and services are often expensive and complex requiring effective management. For this reason, many small-to-medium businesses turn to a Security Operations Platform.

As the threat landscape evolves, compliance regulations follow suit, and the volume of data and emerging technology introduces new obligations and exposures. MDR services utilize organizations’ data by tracking and detecting threat trends across a broad base of monitored customers. The assistance from an extended security team is invaluable, as they manage the software and tools in your security stack and provide 24×7 emergency responses for attacks.

Key takeaways:

First steps to building the foundation of a Security Operations Platform
Three critical elements to incorporate into your cybersecurity strategy
The benefits of MDR services and 360-degree visibility

Adlumin wants to be your guide to educating you on the threats your organization is up against while equipping your IT landscape with the necessary tools.

Download Three Critical Elements for the Perfect Security Operations Mix to get started.

Local-Level Threats: Cybersecurity Strategies for Regional Businesses

February 7, 2023/in Blog Post/by Ellen Loughlin

Local-Level Threats: Cybersecurity Strategies for Regional Businesses

Date: February 16, 2023
Time: 1:00 PM- 1:30 PM Eastern
Attendee Link: https://adlumin.com/webinar/local-level-threats-cybersecurity-strategies-for-regional-businesses/

Securing your infrastructure is a challenge for any business in 2023. Between the uncertainty of the current economic landscape and the difficulty of maintaining on-premise and cloud hybrid environments, cybersecurity teams must factor in a lot of moving parts. For regional businesses, the problems are often exacerbated by less-developed security strategies, limited resources — and a higher volume of cyberattacks. To protect against these digital threats, regional organizations must explore the right cybersecurity solution for their specific needs.

Security solutions that work for an enterprise-scale business are not always what’s best for regional companies. Join cybersecurity experts and enthusiasts from Adlumin and ESG as they uncover threats regional businesses should be paying attention to and outline how to find a Security Operations vendor that fits your architecture. Reserve your spot.

Tune in to learn:

What unique security challenges are plaguing regional-level organizations?
How do you conduct an internal security audit and pinpoint your Security Operations Platform needs?
What differentiates the Adlumin Platform?
Why are transparency, MDR Services, and live reporting important?

Adlumin’s Jim Adams and Chris Joe Honored as a 2023 CRN® Channel Chief

February 6, 2023/in Blog Post/by Ellen Loughlin

By: Brittany Demendi, Corporate Communications Manager

CRN^®, a brand of The Channel Company, has recognized Jim Adams and Chris Joe on its 2023 Channel Chiefs list. This year’s list represents top IT executives responsible for building a robust channel ecosystem. Adams and Joe were selected from the editorial staff based on their record of business innovation and dedication to the partner community.

Adams is the Chief Revenue Officer with over 35 years of experience in IT with a focus on monetizing global partnerships and channel programs and execution. Joe is the Vice President, Channels and Distributions, with over 25 years of experience in the channel industry.

Through Adams’ leadership, the Adlumin Advantage Partner Program includes many partners ranging from MSPs, MSSPs, Value-Added Resellers, and System Integrators, and the company’s growth revenue has increased by 436 percent. Additionally, since joining the Adlumin team, Joe has developed a distribution strategy, including launching a partnership with Ingram Micro, creating and launching a market-leading MSP program, and more.

“Jim and Chris bring years of experience and expertise to the company and have measurable success with expanding channel partner programs,” said Robert Johnston, CEO at Adlumin. “I would like to congratulate both on achieving this accomplishment and making the 2023 CRN Channel Chiefs list; it is very well-deserved.”

To learn more, read the full press release here.

Three Benefits of Deception Technology: The Ultimate Trap

February 2, 2023/in Blog Post/by Ellen Loughlin

By: Brittany Demendi, Corporate Communications Manager

Like a worm dangling on a fishhook or the cheddar cheese waiting on a mouse trap, deception technology baits cybercriminals in the same way. The technology works as a cybersecurity defense, deploying realistic decoys (apps, files, credentials, files, databases, etc.) in a network alongside real assets acting as lures. Cybercriminals waste their time attempting to infiltrate a worthless network with useless assets, only to be tracked by the organization.

Immediately when a cybercriminal touches a decoy, intel is gathered, and alerts are generated, speeding up incident response time. Deception technology gives organizations a leg up in protecting their IT environment by identifying an activity before it completes the attack mission.

As organizations’ cyber awareness has increased in the past few years, their security and deception technology are taking the spotlight. This blog details three benefits of implementing deception technology, how it works, and where to start.

Benefit 1: Business Risk Awareness

When an organization’s business plans and strategies evolve, so should its security. Deception technology gives insight into the different tactics used by cybercriminals specific to your network, allowing concentrated solutions to be built.

In addition, most antivirus programs or security controls are unaware if your organization is going through a merger or if there was a spike in ransomware attacks within your industry. The benefit of deception technology is that it allows deception measures to be created around that merger or industry-specific risks to lure cybercriminals. This aligns security with business strategy and tightens up perceived risk.

Benefit 2: Decrease in Attack Dwell Time

Deception technology can be key for closing the time gap between the breadcrumbs cybercriminals leave and when the actual attack occurs. And with intellectual property and finances at risk, time to detect and respond are critical. When yet, many solutions do not trigger an alert until an attacker makes key moves, or they cannot provide crucial details like what warning signs they should’ve looked for from the beginning.

Decoys allow security teams to track cybercriminal behavior, identify when there is an attacker within their environment, and learn what goes on within every phase of an attack. In turn, malicious behavior can be recognized and detected before they disrupt an organization’s virtual environment.

Benefit 3: Increase Threat Detection

Cybercriminals get a false sense of accomplishment when they infiltrate a decoy network. In reality, they are providing metrics and behavior analytics to an organization, ultimately increasing security and making it harder on themselves. Deception technology can cover almost any attack vector and detect virtually any attack, including ransomware, lateral movement, social engineering, man-in-the-middle attacks, and more, in real-time.

Once a cybercriminal is detected within a decoy network, a security team can manipulate the environment based on their knowledge of the attack. For example, they can create situations that force attackers to disclose information about where they are from or what ransomware group they are part of. A security team can also cloud or distort the cybercriminal’s environment by implementing hijacking tools.

Honeypots: The Ultimate Trick and Trap

Like a moth to a flame, cybercriminals cannot resist the perfect decoy network to attack. There are many different deception technologies, but a good intruder trap to get started with is honeypots. Honeypots can help make the most out of catching a cybercriminal attacking your network. They are modeled after any organization’s digital assets, like servers, networks, or software applications.

Once the cybercriminal is inside, security teams track their movements to understand their motivations and methods better. It is vital for honeypots to contain vulnerabilities, but not too many that are blatantly obvious. Security teams must be strategic because many cybercriminals are advanced in their tactics. If they know they are in a honeypot, some will provide misinformation manipulating the environment, thus reducing efficiency.

A Complement to Threat Hunting

Deception technology, specifically honeypots, is integral to a comprehensive security strategy and plan. Their main goal is to expose vulnerabilities and lure a cybercriminal away from the legitimate target. Organizations also gather essential data and analytics about tactics from inside the decoy. It’s the perfect complement to threat hunting. Threat intelligence professionals proactively search for suspicious activity indicating network or malicious compromise. It is a manual process backed by existing collected network data correlation and automated searches. Deception technology and threat hunting are pieces within an overall comprehensive security strategy. Both take the proactive approach going beyond consistently sitting on the defense. Used in isolation, these pieces will not solely protect an organization, but when a part of a Security Operations Platform, they can further risk prevention for an organization.

Command Visibility

Deception technology is a valuable asset for organizations in their cybersecurity defense. It allows organizations to gain insight into the tactics used by cybercriminals, detect malicious behavior early, create traps and lures, and gather vital data and analytics. Honeypots are an excellent intruder trap while being the perfect complement to threat hunting. When used as part of a comprehensive security strategy, organizations can command security and cyber risk visibility by taking a proactive approach.

Are your Security Defenses Ready?

For more information, contact one of our cybersecurity experts for a demo to get started.

The Need to Know: Black Basta Ransomware Gang

January 26, 2023/in Blog Post/by Adlumin Staff

By: Mark Sangster, Chief of Strategy, and Kevin O’Connor, Director of Threat Research

Virulent Ransomware Gang Has Ties to FIN7 State-Sponsored Group

Discovery of Ransomware Gang FIN7

I discovered a rather clever adversary targeting investment firms in New York almost ten years ago. At the time, the group used Microsoft Macros to launch a fake Windows log-in pane to harvest credentials. Once an account was compromised, the adversaries would use it to send the phishing to the next victim. From that account, they moved to the next, and so on, until they captured key accounts at 70 funds. The number might sound small, but these firms managed billions in funds, so much so that the Security Exchange Commission (SEC) was concerned about a campaign to destabilize the economy, slowly crawling back from the 2008 subprime lending market collapse. The Russian-affiliated group was eventually labeled FIN7.

Black Basta Ransomware Gang Emerges

Fast forward to the present, and FIN7 crosses my desk. Yahoo! Finance asked me to comment on several ransomware attacks on food services and a grocery chain. It turns out the culprit, another Russian gang, Black Basta, had left its ransomware mark on over 50 victims since April of this year. According to SentinelOne research, there are trademark FIN7 (also called Carbanak) tactics and tools, including evasion tools and backdoor malware.

While FIN7’s original focus was financial data and institutions, a shift to a broader market, associations and the food industry is no surprise. Destabilizing food supply or heat utilities in the winter tend to create social angst and lead to eroded faith in the government to protect its citizens. While groups like Black Basta are primarily driven by financial gain, ideological impact as a byproduct is a free benefit.

A Political Big Brother: Russia

Given the hostilities in Ukraine, Russian retaliation against western countries providing support to Ukraine was deemed fair game for cybercriminals (like they were ever offside). Many of these groups (like Black Basta) either operate with impunity in Russia or some level of collusion or coordination with Russian agents.

FIN7 and Black Basta share more than ideology; a political big brother to protect them and target organizations. FIN7 technology brought nation-state capabilities to smaller ransomware gangs before ransomware-as-a-service with a thing (RaaS). They set the benchmark for researching their targets and using tactics that emulate insiders or actors that appear to be “in the know” of confidential information.

Ransomware Tactics Used

Ransomware gangs, like Black Basta, leveraged multi-extortion techniques (not unique), with enviable defense evasion and late manifesting symptoms that hide their presence until the ransomware detonation. They also rely on commodity malware like living off-the-land exploitation techniques, including the ever-growing popularity of Quakbot, PowerShell, WMI, netcat (used for lateral tunneling), mimikatz, CobaltStrike, and Coroxy. They’re also known for using the PrintNightmare vulnerability (CVE-2021-34527) for lateral movement, which can run on Linux against VMWare hypervisors to encrypt multiple hypervisor-hosted systems.

While sophisticated, they still rely on unpatched vulnerabilities, broad administrative access, and unguarded entry points. Consider Black Basta master chefs who can make delicious meals with reliable ingredients. Similarly, their encryption algorithm, ChaCha20, uses a robust RSA-4096 key but requires administrative privilege to execute.

Now What? CIS Controls to Implement

It’s a good news / bad news story. The bad news is that one of the most sophisticated ransomware gangs is back on the prowl. The good news is that they are mortal and can be stopped. They still use conventional tactics to infiltrate their targets: open vulnerabilities, unencrypted remote access points, exposed credentials, and over-provisioning administrative privilege. All of these tactics are detectable. Unfortunately, your insurance firm’s paneled incident response firm usually finds them as part of your claim.

The Center for Internet Security (CIS) is an excellent place for organizations to build a strong cybersecurity posture. CIS provides 18 controls for organizations of all sizes to safeguard data and mitigate cyber-attacks or ransomware attacks against their networks and systems. Here are just a few to get started with:

CIS Security Controls

CIS Control 7: Continuous Vulnerability Management (CVM)
- CVM covers one of the 18 controls by closing the gaps between significantly reducing risk and security assessments. Managing vulnerabilities and understanding is a continuous activity requiring the focus of resources, time, and attention. CVM assesses and tracks vulnerabilities on all enterprise assets within the infrastructure. It minimizes and remediates the window of opportunity for cybercriminals.
CIS Control 8: Audit Log Management
- Audit log management is the process of recording any activity used across an organization within the software systems. Audit logs document any occurrence of an event, the impacted entity, when it occurred, and who is responsible. In addition, compliance regulations require logs to be kept for a certain amount of time. Ensuring organizations collect, review, retain, and alert audit logs of events helps recover from an attack quicker.
CIS Control 14: Proactive Security Awareness
- Employees are every organization’s first line of defense. It is critical to arm them with the proper knowledge and skills to properly identify and report any suspicious activity. A Proactive Security Awareness Program empowers employees with the needed expertise. Security software can only defend for so long until someone clicks a malicious link- take the proactive approach.
CIS Control 18: Penetration Testing
- A penetration test or ‘ethical hacking’ evaluates the security of a system by attempting to breach accessibility, integrity, or confidentiality. A test provides real-world penetration scenarios covering industry-specific threat assessments offering actionable recommendations and rapid results.

The Adlumin Advantage

As co-founder and CEO of Adlumin, Robert Johnston is fond of saying even the biggest hacks had common factors and tactics. While companies were spending millions in the wake of massive data breaches, for a fraction of that cost, they could stop these common criminal chokepoints.

The Adlumin Security Operations Platform is designed to detect sophisticated tactics used by state-sponsored actors and provide simple response capabilities to disable compromised accounts, deactivate remote access services when suspicious activity is present, and identify event manipulation like creating unreconciled users or promoting account privileges. With Adlumin, you can stop these attacks early in the life cycle and prevent them from disrupting your business.

Are your Security Defenses Ready?

For more information, contact one of our cybersecurity experts for a demo to get started.

Inside the Mind of a Ransomware Gang

January 24, 2023/in Blog Post/by Adlumin Staff

Business Email Compromise Warning Signs and Defense

January 19, 2023/in Blog Post/by Adlumin Staff

By: Brittany Demendi, Corporate Communications Manager

According to recent FBI warnings, Business Email Compromise (BEC) scams are rising for organizations in the United States, naming them the $43 billion scam in 2022. Cybercriminals use these scams to ruthlessly target small to medium-sized businesses by researching and posing as vendors or employees attempting to siphon money. BEC scams do not require much sophistication, making them simple yet effective.

This blog identifies how a BEC scam works and how an organization can better protect itself before falling victim.

How Does a BEC Attack Work?

Cybercrime is an evolving game, and cybercriminals adjust their strategies and tactics as security increases. BEC attacks don’t need a tradecraft or advanced tool to execute so they can be presented in many forms. Here is how a typical attack can operate and run its course:

Research Target

Launch Attack OR Social Engineering

Winner, Winner

Research Target: Cybercriminals research and prepare for an attack by sifting through business email databases, mining LinkedIn profiles, or even searching company websites for information. They then carefully craft an email to the targets.

Launch Attack Option 1 – Phishing: Cybercriminals start their BEC attacks by sending out mass emails to see whom they can catch. During this phase, they use fake email names and look-alike domains to trick employees into thinking it’s a legitimate email and ultimately get them to click the link.

Launch Attack Option 2 – Social Engineering: Cybercriminals impersonate employees, specifically CEOs, attorneys, or vendors, to build trust with the target. They typically ask for an urgent request so that the employee will act immediately.

Winner, Winner: Cybercriminals make a financial gain or obtain account compromise. The cybercriminal successfully fooled the employee into believing that they were someone else.

How to Prevent a BEC Attack

Cybercriminals leave breadcrumbs before an actual attack occurs. In 2022, the average time to identify and contain an attack was 277 days. When you break it down, it took 207 days to identify the breach and an additional 70 days to contain it, according to IBM Report. If we can identify and contain breaches early, for example, in Phase 2, we can mitigate the financial damage and loss to an organization. The goal is to incorporate security awareness into every department, making it a part of the company culture and continuously testing the strength of your security.

Security Culture and Human Intelligence

Many account compromises, data breaches, and ransomware attacks could have been avoided. As an organization, you can take as many preventative measures and precautions as possible to mitigate the risk of an attack, and all it will take is a simple human error to put you at risk.

The good news is that there are measures organizations can take, such as implementing robust, Proactive Security Awareness Training. These programs empower employees to identify and report suspicious activity as the first line of defense during Phase 2 of an attack. It’s essential that training is not one-off sessions. The program is more efficient when it is consistent training that facilitates a positive cybersecurity culture, along with testing employees’ knowledge, so they are better prepared for when an actual BEC attack occurs.

The type of culture built at your organization directly impacts your success. For more tips, in a previous blog post, we outlined different ways to create a culture focused on security.

Test Your Security Strength and Protection

In addition to equipping employees with the proper knowledge, consistently testing your defenses is another proactive solution. Specifically, testing the Microsoft 365 (M365) environment will not only identify where gaps are in your protection, but it will test how your security stacks up to top tactics used to compromise accounts. Millions of organizations use M365, making it a popular target for cybercriminals mainly due to the amount of data and information they have access to when successfully compromising an account.

Security teams often lack the proper resources to identify risk areas and test their security programs. However, the free tool, M365 BEC Simulation Tool, allows organizations to test different scenarios that can compromise accounts on their security defense. The tool will also test to see how protected they are and are a huge help against BEC and ransomware attacks.

The free M365 BEC Simulation Tool can be highly beneficial because it tests the most common attacks cybercriminals use, such as brute force attack-to-success, logins using Tor to breach an account, and a successful login from a foreign country. In a recent blog post, we go into detail about how each one of these tactics works and what your proactive solution is against them.

The Proactive Approach

BEC attacks are low-risk, high-reward ways cybercriminals take advantage of employees and the security gaps within an organization’s defense. With smaller businesses being the number one target for BEC scams, cybercriminals know they typically have lower budgets for security. A light at the end of the tunnel, and free tools are available to you.

In addition, Managed Detection and Response Security Operation platforms and Managed Detection and Response (MDR) services are an extension of your security team by delivering top talent and expertise for a cost-effective rate. BEC attacks are rapidly growing and are the most financially damaging. What are you going to do to mitigate the risk?

Test Your Defenses: New Adlumin M365 Tool

January 12, 2023/in Blog Post/by Adlumin Staff

By: Shaul Saitowitz, Data Scientist at Adlumin

Test Your Defenses – For Free

Adlumin developed a free tool that measures how organizations’ security stacks up against today’s most popular cyberattack tactics against Microsoft. Conceived by Adlumin’s cofounder and CEO, Robert Johnston, the Microsoft 365 (M365) Business Email Simulator (BEC) tool is the first of a Test Your Defenses tool series slated for the 2023 rollout.

Adlumin’s M365 BEC Simulator tool allows organizations of all sizes to test their defenses against a brute force attack-to-success on a Microsoft 365 account, login from a foreign country, and Tor usage to access your network from a randomized location. The simulation is a quick but effective test of how well your systems are being monitored. Don’t turn a blind eye to threats lurking in plain sight.

This blog will dive into the three main attack tactics cybercriminals use to access your account and how Adlumin’s M365 BEC Simulator free tool can help you see where your security gaps are.

Tactic 1: Logins Using Tor to Breach an Account

The Tor network is system cybercriminals use to facilitate anonymous communication by hiding their Internet Protocol (IP) address through private connections and encryption. There can be some legitimate users within the Tor network; however, it can also be overwhelmingly malicious due to the network’s ability to act as a smokescreen to obscure and anonymize web activity.

Cybercriminals utilize the Tor network because it covers their tracks by directing internet traffic through thousands of relay nodes. If someone is using Tor to access your network, you want to know about it. Adlumin’s M365 BEC Simulator tool tests this type of attack to see if your security holds up against it, so you can further investigate.

Tactic 2: Brute Force Attacks-to-Success

Brute force attacks are a common way for attackers to gain access to a system using a high-volume guessing of passwords until they get lucky. Adlumin’s investigation and research show automated brute force attempts are common for any login exposed to the internet. This includes services that aren’t configured, such as Microsoft Exchange Online. The potential rewards of brute force attacks are huge because a cybercriminal gains access to your account that may host confidential information or data.

The new M365 BEC Simulator tool tests a successful brute force attack to see how your security is against it.

In addition, Multi-Factor Authentication (MFA) malfunctions are a related threat and need to be reported to ensure the assessment of second-line defenses. For example, Adlumin reports MFA failure for Okta and Cisco Duo clients through a Data Science logic for identifying suspicious incidents. Even with such alerting, routine testing is required to ensure breaches don’t go unnoticed, allowing time for a hacker to explore your file system.

Tactic 3: Foreign Country Logins

Most cyberattacks come from unidentified cybercriminals or groups from all over the world. That said, most cybercriminals don’t just target individuals or organizations in their native country. Some of the most successful account logins come from unusual locations that the user is clearly not at. When your organization gets hit from an area where none of your employees work, your accounts and data are no longer safe.

The Adlumin M365 BEC Simulator tool takes care of the many tricky details of simulating such intrusion, allowing you to stress-test logins from distant shores without spending on air tickets, whether from a Mumbai high-rise or a train station in Düsseldorf.

Does Your Security Measure Up?

See how your security stacks up against top tactics used to compromise accounts. Download Adlumin’s free M365 BEC Simulation tool today, or contact one of our cybersecurity experts for a demo and more information.

The Evolving Role of the Banker in Today’s Cyber Landscape

January 11, 2023/in Blog Post/by Adlumin Staff

Date: January 19, 2023

Time: 1:00 PM- 1:30 PM Eastern

Attendee Link: https://adlumin.com/webinar/banker-in-todays-cyber-landscape/

Cybersecurity culture is more than just awareness. It requires employees from all departments to participate in the broader corporate culture of daily actions, encouraging them to make mindful decisions that align with security policies.

Join a panel of industry experts from Adlumin, BankTech Ventures, and Beauceron Security as they discuss top cyber threats for businesses, how easily bank employees’ emails are compromised, and how to be proactive with your security.