Article | March 11, 2020
Microsoft is warning on a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017.The critical bug (CVE-2020-0796) affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week. The bug can be found in version 3.1.1 of Microsoft’s SMB file-sharing system. SMB allows multiple clients to access shared folders and can provide a rich playground for malware when it comes to lateral movement and client-to-client infection. This was played out in version 1 of SMB back in 2017, when the WannaCry ransomware used the NSA-developed EternalBlue SMB exploit to self-propagate rapidly around the world.
Article | December 15, 2020
There are three significant and disruptive cybersecurity threats that are catching organizations of all types and sizes by surprise:
Cloud misconfigurations; and
Supply chain backdoors.
Let me explain with recent examples and guide you on what you can do to avoid making other’s mistakes and falling victim to the threats.
Let’s start with ransomware. It is one of the most disruptive risks facing your organization today. Why? Because it can literally bring your operations, no matter who you are, to a standstill and inflict significant cost, pain and suffering.
Just look at the recent example of one organization. It was infected with ransomware, and IT systems were shut down for several weeks, bringing operations to a standstill. It had to gradually re-start systems over several more weeks. It estimates it will cost around $95 million from lost sales, recovery and remediation, impacting profitability. Also, it announced it will not be able to attain its growth plans for the year.
Take another recent example. A three-hospital system was infected and IT systems were shut down and it could not accept any incoming patients for several days. It had to operate using paper, until gradually the IT systems were re-started over several days. Fortunately, in this case, the incoming patients turned away did not suffer any loss of life and were able to be diverted to other hospitals timely, but it could have been tragic.
No organization is immune to ransomware and it can rear its ugly head anytime and inflict severe pain.
There are many variants and each can be tweaked easily by the attackers to evade the defense. The Ryuk ransomware is an example of one that has already inflicted significant pain to hundreds of organizations this year in the U.S. and across the globe. Previously, the SamSam ransomware attacked a variety of organizations in the U.S. and Canada, and provided over $6 million in ransom payments and inflicted over $30 million in losses. Prior to that, NotPetya ransomware rapidly inflicted hundreds of organizations in various parts of the world, and caused over $10 billion in damages.
The attackers are seeing that with ransomware it is quicker and easier to make the intrusion, and encrypt some of the data than try to exfiltrate all of it. They are asking themselves, why take all the time and trouble to look for all of the data and try to steal it, when only some critical systems and data can be locked up, until a ransom is paid?
They are seeing that with ransomware there will be immediate adverse impact since the victim will not be able to access critical data and systems, and will not be able to operate. So, there is high probability the ransom will be paid to stop the pain and suffering, especially if the victim has cyber insurance in place. The organization is likely to use the insurance policy to pay the ransom, rather than continue to have its operations disrupted or shut down.
They are also seeing that while most organizations have put in place various controls to prevent and detect data theft, they have not placed an equal weight to preventing and detecting ransomware. Most organizations have a lot of data and given all of the data thefts that have occurred and continue to occur and reported in the press, the bias has been to focus on data theft. But ransomware risk cannot be ignored or approached less seriously.
Imagine that you are infected with ransomware and your people cannot access documents, files or systems, and operate. All critical files and systems are locked out from the ransomware encryption, and a ransom payment is demanded by the hacker for the keys to unlock the encryption. What if, it will take you days, weeks or months to recover? What impact would it have on your organization?
You may think that you will be able to recover quickly from back up files and systems, but are you sure? The new ransomware variants are devised to hunt down and delete or encrypt backup files and systems also, and in some cases, first, before encrypting rest of the files and systems.
The organization that was recently infected that estimates $95 million in financial impact from the ransomware thought it had the risk under control, until it was hit with the ransomware and realized it was not prepared to manage the risk.
Now, let’s move to the threat from cloud misconfigurations.
You are most probably in the cloud completely or partially. Whether you have completely outsourced your infrastructure and services to a cloud provider or are utilizing one partially, remember, ultimately, you own the cybersecurity and that you are responsible for security in the cloud, while the cloud provider is responsible for security of the cloud.
While the cloud provider will provide perimeter security, you are responsible for security of your data, IP and other assets in the cloud, and are equally susceptible to attackers in the cloud as you are on the premises. Even if any of the “big six” cloud providers, such as Amazon Web Services or Microsoft Azure or others, provide the cybersecurity, attackers can exploit weak links in the chain, break in and steal data or cause other harm.
A common weak link in the chain are misconfigurations of the various systems that the cloud provider makes available as part of its service. You are responsible for all of the configurations, not the cloud provider. So, if your team does not take the time to fully understand all of the configurations that are necessary and complete them timely, security holes will arise and remain open for the attackers to exploit.
Just look at the recent example of an organization that fell victim where the data of over 100 million customers was stolen. This organization was using one of the “big six” cloud providers, but missed making all of the necessary configurations. A former employee of the cloud provider, who was familiar with the systems and configurations, discovered a misconfiguration in a web application firewall and exploited it to break in. The attacker then was able to query a metadata service to obtain keys and tokens, which allowed the attacker to query and copy storage object data and eventually exfiltrate it.
This was a case where configuration errors in a web application firewall coupled with unrestricted metadata service access and other errors handed the attacker the keys to the kingdom for the theft of 100 million customers data.
Other common cloud misconfigurations that create opportunities for attackers to exploit include:
Unrestricted in bound access on uncommon ports
Unrestricted outbound access
Unrestricted access to non-http/https ports
Unrestricted metadata service requests
Inactivate monitoring of keys and tokens
You may think that you do not have any misconfigurations in your cloud environment, but how do you know? The organization that recently lost 100 million customers data thought it had strong security in its cloud infrastructure, until it was hit with the data theft and realized it was not prepared to manage the risk.
Now, let’s move to the threat from supply chain backdoors.
No matter what type of organization you are or your size, you most probably have a supply chain, comprised of independent contractors, vendors or partners. Each of these could be the weakest link in the chain.
In other words, the attackers may find that one of your suppliers may be easier to break into first because of weaker cybersecurity and may have privileged access to your organization, given their role and responsibilities. So why not first attack the weaker supplier, steal their privileged user credentials and use it to break into your organization and eventually attain the ultimate objective, steal data or commit other harm?
Or they may find that one of your suppliers has part of your data in order to provide the outsourced service, so they can steal the data simply by breaking into the supplier with the weaker cybersecurity, so no need to attack you directly.
There are many examples of supply chain risk, such as with a government agency, where the credentials of a background check vendor were first stolen to access the agency’s systems, then to move laterally and find other unprotected privileged users credentials to access databases and steal data of 21.5 million individuals, including fingerprints data of 5.6 million individuals.
But just look at the recent example of an organization that had outsourced billing and collections to a supplier. This is a case where the attackers did not have to attack directly. In this case, attackers broke into the supplier and injected malicious code into the payments webpages managed by the supplier and stole credit card, banking, medical and other personal information, such as social security numbers, of 11.9 million consumers. The attackers had access to the supplier’s system for eight months, during which it skimmed the data being input by consumers on the payments webpages.
So, while your cybersecurity may be in good shape, the weakest link in the chain may be one of your suppliers, who may unwittingly provide the attackers the backdoor into your organization or to your data or IP.
So, ransomware, cloud misconfigurations and supply chain backdoors are three significant and disruptive threats facing your organization today that you should mitigate.
Article | September 13, 2021
If you are finding it confusing to decide whether to pursue the CEH v11 course now after the Windows 11 update, then you have certainly landed on the right page. We are here to make things clear to you so that you can make your decision without any hassle.
When it comes to Certified Ethical Hacking, it is considered to be one of the most popular testing certifications at present in the industry. It is highly popular because it assists many with complete know-how of the skills that are required for the purpose of white hat hacking. The certified professionals are able to anticipate any kind of cybercrime from before and respond to it proficiently to avert any kind of business damage.
In the time of the pandemic, many business organizations have to move to digital platforms to reach their customers without lockdown troubles. This is the reason why investment in the domain of cybersecurity has also gained a wave. Businesses have realized what the value of having their infrastructure cyber resilient is.
This shows why the opportunities for skilled experts in the cybersecurity domain are never going to end in the coming future, and pursuing the course of CEH v11 is a great move to follow. To make things more convincing, we are here to help you with the importance the course of Certified Ethical Hacking brings into play and how you must choose the right career path in the respective field. Let’s get started.
Ethical Hacking: What It Is To The World?
When it comes to ethical hacking, it is acknowledged as the procedure of networks, applications, or smart devices to assess any kind of vulnerabilities if available. This type of assessment assists in reacting quickly and taking the right measures to enhance the cybersecurity of the entire infrastructure.
A certified ethical hacker is basically an expert who understands the different vulnerabilities in the system and gets them fixed without any delay. This is done by following the ethical approach so that there is no such problem repeated again in the future.
What do You get To Learn From CEH v11 in 2021?
With the CEH v11 course, you get to learn 24 exceptional challenges in 4 different levels that include 18 attacking vectors.
You get to know about various emerging attackers that include targeted ransomware, File-less malware, API threats, and more.
In this course, you also get a complete understanding of different from enumerating techniques that include Telnet, NFS, SMB, IPV6, FTP, and BGP.
This course also covers Malware reverse engineering, so you get a complete understanding of Dynamic and static malware assessment.
Cloud computing is another prime concept that you get covered in this course, where you learn about Docker, Container Technology, Serverless computing, Kubernetes, Cloud Hacking procedures.
CEH v11 also covers a proper understanding of Hacking web applications that includes web shell concepts, Web API. Webhooks, Web API security, and hacking.
You also get to learn more about WPA3 Encryption and cracking.
It also covers operation technology, side-channel attacks, HMI-based attacks, and more.
Why is CEH An Ideal Career Option?
Ethical hacking is possessing five phases of different procedures with every single process, including different actions that block any kind of vulnerabilities.
With CEH v11 certification, you get a complete understanding of all these phases.
These phases are basically divided in the form of network assessment, testing, and various other risk analysis procedures.
As the world of technology is growing significantly, so is the risk of cyber-crime. This is the reason why businesses are looking for ethical hacking specialists who can assist them remain protected from all the potential risks.
As the dependency on data science is growing across all industries, it is important that we protect the information and digital assets in the best possible way.
There is no doubt that hacking is a heinous act, and almost all businesses are aware of the risks associated with it.
To get protected from these risks, organizations around the world are in search of professional, ethical hackers who ensure that there is no vulnerability outside their doors.
This is why the opportunities in the domain of ethical hacking have increased in the last few years, and there is no reason why you can’t say that pursuing CEH v11 is an ideal career option.
Posts Up For Grabs After CEH v11 Course
Anyone who is interested in developing their career in ethical hacking, including the following:
Systems Security Engineer
Security Manager /Specialist
Job Roles You Might Need To Take Responsibility As Certified Ethical Hackers
Manual Ethical hacker
Vulnerability Assessment Analyst
Cyber Defense Analyst
IT security administrator
System security administrator
Senior Security Consultant
Network Security Engineer
SOC Security Analyst
Information Security Analyst
InfoSec Security Administrator
Benefits of Taking Up CEH v11 Certification
To make it even convincing for you, below mentioned are a few of the benefits you avail with CEH v11 certification. Take a look:
You are certainly able to open a lot of career opportunities with the respective course. It lets you advance in your career significantly.
You get to understand what hackers might do to harm your business, and accordingly, you can take precautions.
You get your knowledge related to risks and vulnerabilities improved with the assistance of the respective course.
You benefit from a lucrative package in terms of salary as a Certified Ethical Hacker.
Lastly, you also get to learn different types of real hacking tools as well.
This shows why you must not hesitate and pursue the CEH v11 course even after the latest Windows 11 update. It gives you an edge over the other candidates and lets you have a successful career ahead. Good Luck!
Article | February 28, 2020
The UK’s National Cyber Security Centre (NCSC) has updated its guidance to organisations on how to mitigate the impact of malware and ransomware attacks, retiring its standalone ransomware guidance and amalgamating the two in a bid to improve clarity and ease confusion among business and consumer users alike. The NCSC said that having two different pieces of guidance had caused some issues as a lot of the content relating to ransomware was essentially identical, while the malware guidance was a little more up-to-date and relevant. The service said the changes reflect to some extent how members of the public understand cyber security. For example, it implies a distinction between malware and ransomware even though technically speaking, ransomware is merely a type of malware. “Not everyone who visits our website knows that. Furthermore, they might well search for the term ‘ransomware’ (rather than ‘malware’) when they’re in the grip of a live ransomware incident,” said a spokesperson.