Beauty is in the Eye of the Deceiver: Deception Technology for Your Zero-Trust Arsenal

/in /by

By: Brittany Demendi, Corporate Communications Manager

Register for Adlumin’s Upcoming Webinar:

Beauty is in the Eye of the Deceiver: Deception Technology for Your Zero-Trust Arsenal 

Date: March 16, 2023

Time: 5:00 PM EST

Attendee Linkhttps://adlumin.com/webinar/beauty-is-in-the-eye-of-the-deceiver/

As cyberattacks become more frequent and sophisticated, traditional security measures are no longer enough to keep organizations safe. To help businesses stay ahead of cybercriminals, Adlumin’s VP, Chief of Strategy, Mark Sangster, and Director of Threat Research, Kevin O’Connor, discuss zero trust and complementing detection and response capabilities with deception technology.

By deploying deception technology, businesses can detect cyberattacks early, reducing the impact of any breach. It also gives businesses insight into criminal tactics and techniques, allowing them to better protect themselves against future attacks.

Tune in to learn:

  • How zero trust applies to cyber risk management.
  • How to use deception technologies to detect threats quickly and gain threat intelligence into criminal tactics and techniques.
  • Ways to complement detection and response capabilities with deception technologies to strengthen your security posture.

Honeypots 101: Origin, Services, and Types

/in /by

By: Kevin O’Connor, Director of Threat Research

The Origin of the Honeypot

In the 1980s, honeypots became a permanent fixture in cybersecurity, riding the lines of defensive and deception technologies. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, published by Clifford Stoll in 1989, details the hunt for a computer hacker (later identified to be Markus Hess) who digitally broke into Lawrence Berkley National Laboratory (LBNL) in 1986[1]. Stoll provides one of the first descriptions of what is known today as a honeypot.

To catch the hacker, Stoll set up an elaborate ploy by inventing a fictitious department under an imaginary contract within a real organization under LBNL that Stoll suspected the hacker was targeting. Creating a fake user working for the faux organization, Stoll filled the user’s digital assets with attractive-looking documents designed to gain the hacker’s attention and lure them into grabbing the files. His efforts would ultimately lead to discovering the hacker’s identity as Hess and the following arrest in Germany.

After Stoll flew to Germany and testified against Hess, it became public that Hess had been selling the bounty of his hacking operations against organizations like LBNL to the Soviet Union’s KGB intelligence agency. They would also work out that a Hungarian agent had contacted the fictitious LBNL department using information that could have only been sourced from Hess. This was part of the KGB’s standard routine to verify Hess’s information.

Later, in 1991, Bill Cheswick, considered one of the pioneers of computer security, published An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied[2]. The Chronicle, one of the earliest technical descriptions of a honeypot, details leading a hacker on a “merry chase” to trace his location and learn his techniques. It details the bait and traps used to lure him and is the work that first applied and popularized the terminology of “jail” in cyber security. Cheswick had created a digital jail to trap the actor and watch their actions in detail[3].

The concept of a honeypot has come a long way since its first use in the 1980s. Pioneers like Stoll and Cheswick were instrumental in laying the foundation for what has become an essential component of modern cybersecurity strategies. With the advancements in technology and the increasing sophistication of cyber-attacks, the use of honeypots has evolved over the years. Today, honeypots are used for defense, research, threat intelligence gathering, and incident response. Let’s explore the current usage landscape of honeypots in the field of cybersecurity and some considerations in deployment and usage.

What is a Honeypot?

Honeypots are security systems that lure cyber attackers and track their activities in a secure, isolated, and monitored environment. Honeypots can distract potential attacks from a target’s critical resources; act as an intelligence-gathering platform about attacks and their tactics, techniques, and procedures (TTPs); and strengthen security overall. Information collected by honeypots can also be used to identify vulnerabilities in a system, software, or protocol. They are, in essence, a decoy computer system meant to attract, trap, and expose potential attackers. As attackers are drawn to the honeypot and focus their efforts there, more valuable systems and data are protected by the attacker’s exposure through the honeypot. A well-designed and implemented honeypot is isolated from the rest of the network. It does not contain any sensitive information, so there is no risk of the attacker compromising it and accessing sensitive data.

Common Honeypot Services

Modern honeypots will typically work to provide “jailed” access to systems over specific protocols and their related applications, such as email, web services, and network administration services. These targeted applications may present high-value access to the target, data collection, theft opportunities, or an easy way to compromise and pivot through an organization’s and network’s systems.

Common services that are often developed into honeypots include:

  • File Transfer Protocol (FTP)
  • Telnet
  • Secure Shell (SSH)
  • HTTP Web Services
  • MySQL or Database Specific Applications
  • Administrative Applications
  • Other Remote Access Methods (VPNs, Remote Desktops, and remote support apps)

Most network and computer services can be adapted into a honeypot with the proper modifications. Which honeypot services your organization deploys will depend on its legitimate services, attack surface, and known attacker motivations.

Types of Honeypots

Honeypots come in various forms and have evolved to meet the changing threat landscape. Several types of honeypots are designed to cater to specific security needs.

  1. Low-interaction honeypots are designed to simulate a limited number of services and are less complex to implement, making them ideal for small-scale organizations. On the other hand, high-interaction honeypots offer a much more realistic and complex environment and are designed for organizations with larger security teams[4].
  2. Another type of honeypot is a hybrid honeypot, which is a combination of low-interaction and high-interaction honeypots. This honeypot balances complexity and ease of deployment, making it ideal for medium-sized organizations.
  3. Virtual honeypots simulate a network environment and lure attackers into a virtual and often restricted or more heavily monitored network enclave.
  4. Honeypots can also be combined to create a honeynet or honeyfarm, a network of honeypots used to monitor and track attacker activities. Honeynets are often used to gather information about and monitor large-scale attacks, such as distributed denial-of-service (DDoS) attacks.

Through pioneers like Stoll and Cheswick, honeypots have evolved from simple traps used to study and track hackers to complex security solutions that detect, prevent, and respond to cyber threats. The term “honeypot” has become synonymous with deceptive security technologies, and the concept is widely used in various industries, from financial services to healthcare, to protect against cyberattacks. And regardless of the type, honeypots are an indispensable tool in any cybersecurity arsenal that is crucial in detecting and mitigating cyber-attacks.

Visit the Adlumin for Honeypots resource page for more information on expanding your defenses with deception technology.

References

  1. Stoll, C. (1989). The Cuckoo’s Egg: Inside the world of Computer Espionage. Doubleday.
  2. Cheswick, B. (n.d.). Biography. Bill Cheswick’s bio. Retrieved January 30, 2023, from https://www.cheswick.com/ches/bio.html
  3. Cheswick, B. (1992). https://cheswick.com/ches/papers/berferd.pdf. Winter USENIX Conference, San Francisco, 20–24. https://doi.org/https://cheswick.com/ches/papers/berferd.pdf
  4. Edgar, T. W., & Manz, D. O. (2017). Research methods for cyber security. Syngress, an imprint of Elsevier.

Adlumin Promotes Miguel Hablutzel to Vice President of Managed Security Services

/in /by

By: Brittany Demendi, Corporate Communications Manager

Adlumin announced the promotion of Miguel Hablutzel as Vice President of Managed Security Services. Hablutzel brings a wealth of experience and expertise to Adlumin, and his efforts speak volumes through Adlumin’s continued growth and expansion.

Before his time at Adlumin, Hablutzel served as the President and CEO of a Cybersecurity Consulting company based in Tampa, Florida, and a Vice President of Product Strategy for a large security management company in North Carolina. He oversaw solutions ranging from developing and managing a 24×7 Security Operations Center (SOC) to Virtual Information Security Officer Program (vISO).

Please join Adlumin in congratulating Hablutzel on his outstanding contributions to his department and his promotion.

Six Cybersecurity Solutions to Protect Higher Education and K-12 School Districts

/in /by

By: Brittany Demendi, Corporate Communications Manager

Usually, when we think of primary targets of cyberattacks, finance, banking, healthcare, and even municipalities come to mind., But, in reality, higher education and K-12 schools are also key targets. From sensitive student information to financial and research data, cybercriminals have plenty of temptation to target education. The most disturbing aspect of these attacks is that higher education and K-12 schools are tremendously behind in their cybersecurity efforts. The secret is out, and cyber criminals are showing no mercy. Microsoft reported that education recently accounted for 80% of enterprise malware.

Challenge: The Education Industry is Lagging in Cybersecurity

The education sector is struggling to keep up with cyber threats, and technology alone is not enough to protect schools. Education, like cybersecurity, evolves and requires people and products to do the same. If not, there is a lot at stake.

For example, school districts use specialized software to track students’ progress records, highly sensitive and confidential information on children. The New York Times reports on a recent cyberattack where the personal information of over 1 million former and current students was affected. Intimate information was breached, including descriptions of disabilities, behavior incidents, migrant status, ethnicities, names, birth dates, and more. This data breach violates student privacy laws that schools must abide by.

This cyberattack propelled the school district to up its cybersecurity and come out with multiple press releases to reassure students, employees, and parents that they are doing everything possible to secure sensitive data. The goal is not to let it get to this stage, but how can higher education and K-12 school districts mitigate risk and not fall behind?

Six Solutions to Eliminate Risk and Illuminate Threats

  1. Tech Funding Reevaluation: Addressing current and rising risks when assessing your cybersecurity budget is key. See if there is an opportunity to reallocate the budget to a platform that provides visibility and services with greater value in the long run rather than a security or anti-virus program. Unlike large corporations, education tends to operate on a smaller budget, so every dollar must provide the most value possible.
  2. Incident Response Plan: As an educational organization, you are consistently in the spotlight, especially for your reactions to challenging situations. The same goes for when an attack occurs. The media, parents, and students are watching to see the response plan with their personal opinion on deck. Put together a response plan where you have steps in place if a data breach or security incident happens.

    In addition, conduct a tabletop exercise to clarify the responsibilities and roles of your incident response team.  Knowing who makes what decision during a cyber crisis and how your team works together is ideal, which we have identified previously in The Ultimate Guide to Managing Strong Personalities During a Cyber Crisis.

    The tabletop exercise highlights team members and any gaps within your plan resulting in an action plan for an emergency. They are vital to business operations and help mitigate further reputational damage that schools cannot afford

  1. Invest in a Security Operations Platform: Cybercriminals are evolving their tactics and strategies, and so should educational organizations. IT teams are stretched thin, especially when the budget is low. Finding a security operations platform that includes risk management is built to assist in taking command of security and compliance—streamlining data ingesting, compliance, and analysis workflows throughout the enterprise. This illuminates system vulnerabilities, unseen cyber threats, and IT operations, so the path to visibility is clear.
  2. Implement Managed Detection and Response (MDR) Services: MDR services deliver 24×7 benefits scaled for higher education and K-12 school districts of all sizes. These services extend your security team without being too costly, offering around-the-clock coverage and access to one platform with everything in view. Many organizations opt for MDR services because their teams gain time back in their day and peace of mind knowing they are covered. A dedicated team continuously identifies critical vulnerabilities, rapidly remediates risks, and prioritizes threats and dangers.
  3. Test Your Defenses with Microsoft 365 Business Email Compromise Simulation: Business Email Compromise (BEC) is a critical method cyber criminals use target faculty, students, and administration. One of the primary types of a BEC attack is account compromise, when a cybercriminal gains access to the target’s account and uses it maliciously. Due to a lack of cybersecurity awareness, many attacks are successful and could’ve been avoided in most situations. Testing your defenses, specifically the Microsoft 365 (M365) environment, with an M365 BEC Simulation tool will not only identify how your security stacks up to top tactics used to compromise accounts, but it will also identify where all the gaps are in your protection.
  4. Make Security Awareness a Culture: Your students and employees are the first lines of defense against cybercriminals. They must feel empowered with the knowledge of reporting suspicious activities when they are targeted. Cybersecurity culture is essential to higher and K-12 education resilience to reduce the risk associated with human error. Thus, this culture needs to be a part of a broader organizational culture of daily actions encouraging faculty and students to make mindful decisions that align with educational security policies. A Proactive Security Awareness program does just that. Implementing fully managed security awareness testing and training is proven to reduce the risk posed by the human component.

Cyberattacks in the education sector are a growing trend. Most concerning is that the schools lag in their cybersecurity efforts due to limited budgets, lack of awareness, and more remote students. Fortunately, there is a light at the end of the tunnel and affordable resources to help illuminate these attacks. It is essential to seek out these resources and find experts that can assist with acting as an extension to your security team for 24×7 surveillance. Managing cyber risks becomes easy when everything is in one place from one platform.

ICBA Live 2023: Honolulu, HI

/in /by

Dates: March 12-16, 2023
Location: Hilton Hawaiian Village Waikiki Beach Resort – Honolulu, HI
Booth #: 932 (Main Street Foyer next to ThinkTECH)

Join Mark Sangster, Vice President, Chief of Strategy at Adlumin, during his speaking session at ICBA Live 2023 and converse with us at Adlumin’s booth #932, located at the Main Street Foyer next to ThinkTech.

During his speaking session, Sangster will debunk the cyber misconceptions that plague most businesses. You’ll learn how to frame conversations to report on risks rather than threats, define objectives and priorities, allocate resources, and report that demonstrates, not action.

Cybersecurity is not an IT problem to solve, it’s a business risk to manage.

Speaking Session: The Cyber Rosetta Stone: Translating the Ones and Zeroes of Threats to the Dollars and Cents of Risk

Speaker: Mark Sangster, Vice President, Chief of Strategy at Adlumin
Session Date: Tuesday, March 14, 2023
Session Time: 7:00 AM – 7:50 AM HST

For complete event information, visit our ICBA Live event page.

Questions? Contactmarketingevents@adlumin.com

Three Critical Elements for the Perfect Security Operations Mix

/in /by

Investing in a Security Operations Platform plus Managed Detection and Response (MDR) Services enables access to talented, around-the-clock cybersecurity experts, scalability, lower ongoing costs, and shared threat intelligence. This final white paper in our 3-part series details the first steps to building the foundation of your Security Operations Platform and outlines three critical elements to incorporate into your cybersecurity strategy.

According to Gartner, data breaches broke records in 2021, so 88% of executives consider cybersecurity a top threat to their operations rather than a technical IT problem. Organizations must invest in solutions that proactively and continuously protect against threats while offering automated solutions to mitigate the risk of an attack. Technologies and services are often expensive and complex requiring effective management. For this reason, many small-to-medium businesses turn to a Security Operations Platform.

As the threat landscape evolves, compliance regulations follow suit, and the volume of data and emerging technology introduces new obligations and exposures. MDR services utilize organizations’ data by tracking and detecting threat trends across a broad base of monitored customers. The assistance from an extended security team is invaluable, as they manage the software and tools in your security stack and provide 24×7 emergency responses for attacks.

Key takeaways:

  • First steps to building the foundation of a Security Operations Platform
  • Three critical elements to incorporate into your cybersecurity strategy
  • The benefits of MDR services and 360-degree visibility

Adlumin wants to be your guide to educating you on the threats your organization is up against while equipping your IT landscape with the necessary tools.

Download Three Critical Elements for the Perfect Security Operations Mix to get started.

Local-Level Threats: Cybersecurity Strategies for Regional Businesses

/in /by

Register for Adlumin’s Upcoming Webinar:

Local-Level Threats: Cybersecurity Strategies for Regional Businesses

Date: February 16, 2023
Time: 1:00 PM- 1:30 PM Eastern
Attendee Linkhttps://adlumin.com/webinar/local-level-threats-cybersecurity-strategies-for-regional-businesses/

Securing your infrastructure is a challenge for any business in 2023. Between the uncertainty of the current economic landscape and the difficulty of maintaining on-premise and cloud hybrid environments, cybersecurity teams must factor in a lot of moving parts. For regional businesses, the problems are often exacerbated by less-developed security strategies, limited resources — and a higher volume of cyberattacks. To protect against these digital threats, regional organizations must explore the right cybersecurity solution for their specific needs.

Security solutions that work for an enterprise-scale business are not always what’s best for regional companies. Join cybersecurity experts and enthusiasts from Adlumin and ESG as they uncover threats regional businesses should be paying attention to and outline how to find a Security Operations vendor that fits your architecture. Reserve your spot.

Tune in to learn:

  • What unique security challenges are plaguing regional-level organizations?
  • How do you conduct an internal security audit and pinpoint your Security Operations Platform needs?
  • What differentiates the Adlumin Platform?
  • Why are transparency, MDR Services, and live reporting important?

Adlumin’s Jim Adams and Chris Joe Honored as a 2023 CRN® Channel Chief

/in /by

By: Brittany Demendi, Corporate Communications Manager

CRN®, a brand of The Channel Company, has recognized Jim Adams and Chris Joe on its 2023 Channel Chiefs list. This year’s list represents top IT executives responsible for building a robust channel ecosystem. Adams and Joe were selected from the editorial staff based on their record of business innovation and dedication to the partner community.

Adams is the Chief Revenue Officer with over 35 years of experience in IT with a focus on monetizing global partnerships and channel programs and execution. Joe is the Vice President, Channels and Distributions, with over 25 years of experience in the channel industry.

Through Adams’ leadership, the Adlumin Advantage Partner Program includes many partners ranging from MSPs, MSSPs, Value-Added Resellers, and System Integrators, and the company’s growth revenue has increased by 436 percent. Additionally, since joining the Adlumin team, Joe has developed a distribution strategy, including launching a partnership with Ingram Micro, creating and launching a market-leading MSP program, and more.

“Jim and Chris bring years of experience and expertise to the company and have measurable success with expanding channel partner programs,” said Robert Johnston, CEO at Adlumin. “I would like to congratulate both on achieving this accomplishment and making the 2023 CRN Channel Chiefs list; it is very well-deserved.”

To learn more, read the full press release here.

Three Benefits of Deception Technology: The Ultimate Trap

/in /by

By: Brittany Demendi, Corporate Communications Manager

Like a worm dangling on a fishhook or the cheddar cheese waiting on a mouse trap, deception technology baits cybercriminals in the same way. The technology works as a cybersecurity defense, deploying realistic decoys (apps, files, credentials, files, databases, etc.) in a network alongside real assets acting as lures. Cybercriminals waste their time attempting to infiltrate a worthless network with useless assets, only to be tracked by the organization.

Immediately when a cybercriminal touches a decoy, intel is gathered, and alerts are generated, speeding up incident response time. Deception technology gives organizations a leg up in protecting their IT environment by identifying an activity before it completes the attack mission.

As organizations’ cyber awareness has increased in the past few years, their security and deception technology are taking the spotlight. This blog details three benefits of implementing deception technology, how it works, and where to start.

Benefit 1: Business Risk Awareness

When an organization’s business plans and strategies evolve, so should its security. Deception technology gives insight into the different tactics used by cybercriminals specific to your network, allowing concentrated solutions to be built.

In addition, most antivirus programs or security controls are unaware if your organization is going through a merger or if there was a spike in ransomware attacks within your industry. The benefit of deception technology is that it allows deception measures to be created around that merger or industry-specific risks to lure cybercriminals. This aligns security with business strategy and tightens up perceived risk.

Benefit 2: Decrease in Attack Dwell Time

Deception technology can be key for closing the time gap between the breadcrumbs cybercriminals leave and when the actual attack occurs. And with intellectual property and finances at risk, time to detect and respond are critical. When yet, many solutions do not trigger an alert until an attacker makes key moves, or they cannot provide crucial details like what warning signs they should’ve looked for from the beginning.

Decoys allow security teams to track cybercriminal behavior, identify when there is an attacker within their environment,  and learn what goes on within every phase of an attack. In turn, malicious behavior can be recognized and detected before they disrupt an organization’s virtual environment.

Benefit 3: Increase Threat Detection

Cybercriminals get a false sense of accomplishment when they infiltrate a decoy network. In reality, they are providing metrics and behavior analytics to an organization, ultimately increasing security and making it harder on themselves. Deception technology can cover almost any attack vector and detect virtually any attack, including ransomware, lateral movement, social engineering, man-in-the-middle attacks, and more, in real-time.

Once a cybercriminal is detected within a decoy network, a security team can manipulate the environment based on their knowledge of the attack. For example, they can create situations that force attackers to disclose information about where they are from or what ransomware group they are part of. A security team can also cloud or distort the cybercriminal’s environment by implementing hijacking tools.

Honeypots: The Ultimate Trick and Trap

Like a moth to a flame, cybercriminals cannot resist the perfect decoy network to attack.  There are many different deception technologies, but a good intruder trap to get started with is honeypots. Honeypots can help make the most out of catching a cybercriminal attacking your network. They are modeled after any organization’s digital assets, like servers, networks, or software applications.

Once the cybercriminal is inside, security teams track their movements to understand their motivations and methods better. It is vital for honeypots to contain vulnerabilities, but not too many that are blatantly obvious. Security teams must be strategic because many cybercriminals are advanced in their tactics. If they know they are in a honeypot, some will provide misinformation manipulating the environment, thus reducing efficiency.

A Complement to Threat Hunting

Deception technology, specifically honeypots, is integral to a comprehensive security strategy and plan. Their main goal is to expose vulnerabilities and lure a cybercriminal away from the legitimate target. Organizations also gather essential data and analytics about tactics from inside the decoy. It’s the perfect complement to threat hunting. Threat intelligence professionals proactively search for suspicious activity indicating network or malicious compromise. It is a manual process backed by existing collected network data correlation and automated searches. Deception technology and threat hunting are pieces within an overall comprehensive security strategy. Both take the proactive approach going beyond consistently sitting on the defense. Used in isolation, these pieces will not solely protect an organization, but when a part of a Security Operations Platform, they can further risk prevention for an organization.

Command Visibility

Deception technology is a valuable asset for organizations in their cybersecurity defense. It allows organizations to gain insight into the tactics used by cybercriminals, detect malicious behavior early, create traps and lures, and gather vital data and analytics. Honeypots are an excellent intruder trap while being the perfect complement to threat hunting. When used as part of a comprehensive security strategy, organizations can command security and cyber risk visibility by taking a proactive approach.

Are your Security Defenses Ready?

For more informationcontact one of our cybersecurity experts for a demo to get started.

The Need to Know: Black Basta Ransomware Gang

/in /by

By: Mark Sangster, Chief of Strategy, and Kevin O’Connor, Director of Threat Research

Virulent Ransomware Gang Has Ties to FIN7 State-Sponsored Group

Discovery of Ransomware Gang FIN7

I discovered a rather clever adversary targeting investment firms in New York almost ten years ago. At the time, the group used Microsoft Macros to launch a fake Windows log-in pane to harvest credentials. Once an account was compromised, the adversaries would use it to send the phishing to the next victim. From that account, they moved to the next, and so on, until they captured key accounts at 70 funds. The number might sound small, but these firms managed billions in funds, so much so that the Security Exchange Commission (SEC) was concerned about a campaign to destabilize the economy, slowly crawling back from the 2008 subprime lending market collapse. The Russian-affiliated group was eventually labeled FIN7.

Black Basta Ransomware Gang Emerges

Fast forward to the present, and FIN7 crosses my desk. Yahoo! Finance asked me to comment on several ransomware attacks on food services and a grocery chain. It turns out the culprit, another Russian gang, Black Basta, had left its ransomware mark on over 50 victims since April of this year. According to SentinelOne research, there are trademark FIN7 (also called Carbanak) tactics and tools, including evasion tools and backdoor malware.

While FIN7’s original focus was financial data and institutions, a shift to a broader market, associations and the food industry is no surprise. Destabilizing food supply or heat utilities in the winter tend to create social angst and lead to eroded faith in the government to protect its citizens. While groups like Black Basta are primarily driven by financial gain, ideological impact as a byproduct is a free benefit.

A Political Big Brother: Russia

Given the hostilities in Ukraine, Russian retaliation against western countries providing support to Ukraine was deemed fair game for cybercriminals (like they were ever offside). Many of these groups (like Black Basta) either operate with impunity in Russia or some level of collusion or coordination with Russian agents.

FIN7 and Black Basta share more than ideology; a political big brother to protect them and target organizations. FIN7 technology brought nation-state capabilities to smaller ransomware gangs before ransomware-as-a-service with a thing (RaaS). They set the benchmark for researching their targets and using tactics that emulate insiders or actors that appear to be “in the know” of confidential information.

Ransomware Tactics Used

Ransomware gangs, like Black Basta, leveraged multi-extortion techniques (not unique), with enviable defense evasion and late manifesting symptoms that hide their presence until the ransomware detonation. They also rely on commodity malware like living off-the-land exploitation techniques, including the ever-growing popularity of Quakbot, PowerShell, WMI, netcat (used for lateral tunneling), mimikatz, CobaltStrike, and Coroxy. They’re also known for using the PrintNightmare vulnerability (CVE-2021-34527) for lateral movement, which can run on Linux against VMWare hypervisors to encrypt multiple hypervisor-hosted systems.

While sophisticated, they still rely on unpatched vulnerabilities, broad administrative access, and unguarded entry points. Consider Black Basta master chefs who can make delicious meals with reliable ingredients. Similarly, their encryption algorithm, ChaCha20, uses a robust RSA-4096 key but requires administrative privilege to execute.

Now What? CIS Controls to Implement

It’s a good news / bad news story. The bad news is that one of the most sophisticated ransomware gangs is back on the prowl. The good news is that they are mortal and can be stopped. They still use conventional tactics to infiltrate their targets: open vulnerabilities, unencrypted remote access points, exposed credentials, and over-provisioning administrative privilege. All of these tactics are detectable. Unfortunately, your insurance firm’s paneled incident response firm usually finds them as part of your claim.

The Center for Internet Security (CIS) is an excellent place for organizations to build a strong cybersecurity posture. CIS provides 18 controls for organizations of all sizes to safeguard data and mitigate cyber-attacks or ransomware attacks against their networks and systems. Here are just a few to get started with:

CIS Security Controls

  • CIS Control 7: Continuous Vulnerability Management (CVM)
    • CVM covers one of the 18 controls by closing the gaps between significantly reducing risk and security assessments. Managing vulnerabilities and understanding is a continuous activity requiring the focus of resources, time, and attention. CVM assesses and tracks vulnerabilities on all enterprise assets within the infrastructure. It minimizes and remediates the window of opportunity for cybercriminals.
  • CIS Control 8: Audit Log Management
    • Audit log management is the process of recording any activity used across an organization within the software systems. Audit logs document any occurrence of an event, the impacted entity, when it occurred, and who is responsible. In addition, compliance regulations require logs to be kept for a certain amount of time. Ensuring organizations collect, review, retain, and alert audit logs of events helps recover from an attack quicker.
  • CIS Control 14: Proactive Security Awareness
    • Employees are every organization’s first line of defense. It is critical to arm them with the proper knowledge and skills to properly identify and report any suspicious activity. A Proactive Security Awareness Program empowers employees with the needed expertise. Security software can only defend for so long until someone clicks a malicious link- take the proactive approach.
  • CIS Control 18: Penetration Testing
    • A penetration test or ‘ethical hacking’ evaluates the security of a system by attempting to breach accessibility, integrity, or confidentiality. A test provides real-world penetration scenarios covering industry-specific threat assessments offering actionable recommendations and rapid results.

The Adlumin Advantage

As co-founder and CEO of Adlumin, Robert Johnston is fond of saying even the biggest hacks had common factors and tactics. While companies were spending millions in the wake of massive data breaches, for a fraction of that cost, they could stop these common criminal chokepoints.

The Adlumin Security Operations Platform is designed to detect sophisticated tactics used by state-sponsored actors and provide simple response capabilities to disable compromised accounts, deactivate remote access services when suspicious activity is present, and identify event manipulation like creating unreconciled users or promoting account privileges. With Adlumin, you can stop these attacks early in the life cycle and prevent them from disrupting your business.

Are your Security Defenses Ready?

For more information, contact one of our cybersecurity experts for a demo to get started.

Adlumin Cybersecurity

Headquarters (N-able)
30 Corporate Drive, Suite 400
Burlington, MA 01803
USA
(202) 570-7907

Get a Demo Free Trial Contact Adlumin
Adlumin Inc 5000

Privacy Policy  Sitemap  GDPR Privacy Notice

GDPR Data Processing Addendum  GDPR Privacy Request Form

Copyright 2024 Adlumin, Inc. All Rights Reserved