DNC: Russian Hackers Targeted Staffers After Midterms

Infosecurity Magazine | January 21, 2019

The Democratic National Committee (DNC) has claimed that one of the same Russian hacking groups blamed for leaking sensitive information in 2016 targeted its employees again just days after the 2018 midterm elections. In court documents filed at the weekend, the DNC said that the group known as Cozy Bear (aka APT29/The Dukes) posed as a State Department official in spear-phishing emails sent to dozens of its employees. The emails were booby-trapped with a malware-laden PDF designed to provide access to the victim’s machine. “In November 2018, dozens of DNC email addresses were targeted in a spear-phishing campaign, although there is no evidence that the attack was successful,” the filing noted. “The content of these emails and their timestamps were consistent with a spear-phishing campaign that leading cybersecurity experts have tied to Russian intelligence. Therefore, it is probable that Russian intelligence again attempted to unlawfully infiltrate DNC computers in November 2018.”

Spotlight

When a company’s executive management team considers the challenges their organization faces, it can be daunting at first. Economic volatility requires enterprises to be bolder, faster, flexible and ever more imaginative. Major technology waves—including cloud, mobile, social and analytics—are fundamentally changing the way companies in all industries do business. And pressure is intensifying to simplify the design and improve the efficiency and effectiveness of legacy technologies— while balancing a complex, hybrid environment of “old” and “new.”

Related News

Hyper-aware of all the possible types of cyber attacks to network & business

Cicco | June 20, 2020

As an IT security professional, you must be hyper-aware of all the possible types of cyber attacks on your network and your business. This has always been one of the most difficult parts of your job, given the ingenuity and perseverance of the criminals we must guard against, and how quickly attack techniques multiply as our systems (and the technology we rely on) evolve and expand. Now your security operations processes are further challenged as your workforce shifts to 100% remote. It is time to make sure your organization can identify and detect the most prevalent, and potentially the most harmful, cyber threats it faces today. The following are nine types of cyber attacks every security professional needs to be aware of.

Intrusion. An intrusion is any unauthorized activity on your network that steals valuable resources and puts your organization's security at risk. Common techniques that make up intrusions include multi-routing, covert scripts, protocol impersonation, and traffic flooding. Network intrusions often present as unusual but not overtly abnormal behavior, which makes them difficult to detect and lets them slip past manual supervision.

Ransomware. Perhaps the most vicious threat posed by cybercriminals, ransomware holds business systems hostage in order to extort money from victims. It is one of the most common attack models in use today, in large part because these attacks succeed and often result in payouts in the tens of millions. Over the years we have seen several examples of why ransomware is one of the most effective and dangerous types of cyber attack. What does it look like? An attack often announces itself with an on-screen notification that data on your network has been encrypted and will remain inaccessible until the specified ransom is paid, after which a decryption key will follow. Failure to pay results in the key being destroyed, rendering the data inaccessible forever.

Insider threats. An insider threat occurs when someone close to an organization with authorized access misuses that access to compromise your company's data or critical systems. Insiders do not have to be employees; they can also be partners, third-party vendors, and contractors. That is the most difficult aspect of detecting an insider threat: it begins with humans, not systems.

Brute force attacks. We have all seen an action movie in which the criminal mastermind uses a high-powered computer to cycle through thousands of passwords to get into a government facility. That is essentially a brute force attack: letting the computer do the work, trying possible combinations of usernames and passwords until it finds the right one, and it is not the stuff of fiction. Among the best defenses against brute force attacks are multi-factor authentication and complex alphanumeric passwords. One caveat: mandatory frequent password changes, long a standard recommendation, are now discouraged by NIST SP 800-63B, which instead favours screening passwords against breached-password lists, rate limiting, and lockout after repeated failures. The repeated failed logins such an attack generates are also its most reliable detection signal in authentication logs.

Distributed denial of service. A DDoS attack takes place when criminals attempt to disrupt normal traffic to a network, server, or system, typically by overwhelming the target's infrastructure with a flood of internet traffic. Think of it as a traffic jam clogging the highway and preventing normal traffic from reaching its destination.

Data exfiltration. Data exfiltration is the unauthorized movement of data out of your organization.
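To make the brute-force detection signal concrete, here is an added example (not code from the Cicco article) that runs simple brute-force and password-spray detection over a handful of constructed sshd-style log lines. The log lines, the 60-second sliding window, and the thresholds of five failures and three distinct usernames are assumptions chosen for illustration; the year is also assumed, since syslog timestamps omit it.

```python
"""Brute-force / password-spray detection over authentication log lines.

Added example, not from the article. The log lines below are constructed
in the sshd syslog format so the detector can run offline.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches sshd failure lines such as:
#   Jun 20 10:00:01 bastion sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
# Both "Failed password for <user>" and "Failed password for invalid user <user>" are handled.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

YEAR = 2020  # assumption: syslog lines carry no year, so one is supplied for parsing

# Constructed sample log: one source hammering root, one source spraying
# several usernames, one legitimate user with two widely spaced typos.
SAMPLE_LOG = """\
Jun 20 10:00:01 bastion sshd[1001]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 20 10:00:03 bastion sshd[1001]: Failed password for root from 203.0.113.7 port 51235 ssh2
Jun 20 10:00:05 bastion sshd[1002]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jun 20 10:00:08 bastion sshd[1002]: Failed password for root from 203.0.113.7 port 51237 ssh2
Jun 20 10:00:10 bastion sshd[1003]: Failed password for root from 203.0.113.7 port 51238 ssh2
Jun 20 10:00:12 bastion sshd[1003]: Failed password for root from 203.0.113.7 port 51239 ssh2
Jun 20 10:00:15 bastion sshd[1004]: Accepted password for deploy from 192.0.2.44 port 40001 ssh2
Jun 20 10:01:00 bastion sshd[1005]: Failed password for invalid user admin from 198.51.100.9 port 60001 ssh2
Jun 20 10:01:04 bastion sshd[1005]: Failed password for invalid user oracle from 198.51.100.9 port 60002 ssh2
Jun 20 10:01:09 bastion sshd[1006]: Failed password for invalid user test from 198.51.100.9 port 60003 ssh2
Jun 20 10:01:15 bastion sshd[1006]: Failed password for deploy from 198.51.100.9 port 60004 ssh2
Jun 20 10:05:00 bastion sshd[1007]: Failed password for deploy from 192.0.2.44 port 40002 ssh2
Jun 20 10:09:00 bastion sshd[1008]: Failed password for deploy from 192.0.2.44 port 40003 ssh2
""".splitlines()


def parse_failed_logins(lines):
    """Yield (timestamp, user, source_ip) for every failed-login line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins, other daemons, noise
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_brute_force(lines, window_seconds=60, max_failures=5, max_users=3):
    """Flag source IPs whose failures inside a sliding window exceed the thresholds.

    Two patterns are reported per IP:
      "brute-force"    : more than max_failures failed attempts inside the window
      "password-spray" : more than max_users distinct usernames tried inside the window
    Returns {ip: set_of_pattern_names}; sources below both thresholds are absent.
    """
    recent = defaultdict(deque)   # ip -> deque of (ts, user), oldest first
    alerts = defaultdict(set)
    for ts, user, ip in sorted(parse_failed_logins(lines)):
        q = recent[ip]
        q.append((ts, user))
        # evict events that have fallen out of the window ending at this event
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_failures:
            alerts[ip].add("brute-force")
        if len({u for _, u in q}) > max_users:
            alerts[ip].add("password-spray")
    return dict(alerts)


if __name__ == "__main__":
    for ip, patterns in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(sorted(patterns))}")
```

The spray rule matters as much as the volume rule: an attacker who tries one common password against many accounts stays under any per-account lockout, so counting distinct usernames per source is what catches it. Thresholds should be tuned per service; a bastion host sees far fewer legitimate failures than a public web login.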

Read More

DATA SECURITY

Westcoast Limited Strengthens the Cyber Security Portfolio with an AppGuard Malware Disruption Technology Distribution Agreement for Endpoints

prnewswire | February 22, 2021

Westcoast Limited, a leading UK distributor of IT products and services with over £3 billion in annual revenue, today announced a distribution agreement with AppGuard, a global endpoint security provider that protects organizations from cyberattacks by stopping malware from causing harm. Under the agreement, Westcoast will distribute AppGuard's malware disruption technology in the UK and Northern Europe, further extending its commitment to enabling Westcoast's resellers and their customers to better defend against cyberattacks by preventing endpoints from being compromised by malware. Delivering leading IT brands such as HP, HPE, Microsoft, Lenovo, Apple, and many others to a broad range of resellers, retailers and office products dealers in the UK and beyond, Westcoast and its 9,000 trading partners and their customers understand that cybersecurity is the main challenge facing today's organizations. The addition of AppGuard to Westcoast's cybersecurity portfolio further advances the company's commitment to ensuring partners and their customers have the defence in depth they need to protect against today's advanced malware attacks.

Read More

Microsoft Enhances Azure Cloud Security for Greater Visibility into Third-Party Access

Microsoft | May 25, 2020

Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services. The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today. Azure Security Center also received updates, including a Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts.

Azure Active Directory External Identities extends Azure Active Directory to external identities. It lets Active Directory secure and manage the identities of third parties that need access to corporate resources, including the range of Office 365 tools, giving greater visibility into who actually has access to an organization's applications and data. According to the company, it will also allow developers to build more user-centric experiences for external users and streamline how IT administrators manage directories and identities through Azure Active Directory.

The Secure Score API lets organizations obtain a score for the security posture of their environment. According to Microsoft, it will provide a more effective way to assess risk in the environment and prioritize actions to reduce it.

This type of scoring can be very important for many reasons, said Doug Cahill, vice president and group director for cybersecurity at Enterprise Strategy Group. "Because of the dynamic nature of cloud, staying on top of how your cloud services are configured is really important. You can inadvertently introduce configuration vulnerabilities. You can leave your infrastructure open to a variety of exploits if you're not regularly hardening your configuration," he said. "Security to date has largely been treated as an afterthought," he said. "And now that lines of business are doing their own application development, it has become increasingly important to incorporate security at development time as well as build time and runtime."

The score also helps address the confusion around who is actually responsible for configurations: the subscriber to cloud services or the cloud service provider. While Microsoft is not taking responsibility for updating configurations, the scoring capability gives subscribers some visibility into where they may have insecure configurations.

Developers are the focus of the third announcement. Developers with a verified Microsoft Partner Network account can now mark their apps "publisher verified", giving the app registration a verified-publisher badge that is shown on consent prompts and indicates that the app comes from a known, legitimate publisher. This will allow organizations to better understand whether verified or unverified apps are being used, and enable them to configure consent policies based on publisher verification, Microsoft said. Along the same lines, Microsoft has announced more granular application consent controls for IT administrators. These allow administrators to create more detailed policies that specify exactly which users can consent to specific applications. In other words, Cahill said, it gives developers a way to create a "white list" for end users based on policy.

Finally, Microsoft announced that its Microsoft Authentication Library (MSAL) now supports additional platforms, including Angular (GA) and Microsoft.Identity.Web for ASP.NET Core. This essentially provides developers with more ways of authenticating access to the applications they are building, Cahill explained.

Separately, attackers can exploit misconfigurations in hybrid networks composed of Azure Active Directory and Windows Active Directory servers to compromise synchronization servers, reveal user passwords, and create backdoors into corporate networks, security researchers from Synacktiv have revealed. The work, one of several similar research ventures conducted on Azure Active Directory security, underlines the need for security teams to learn to navigate the complexities of this fast-growing technology. Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It allows an organization's employees to sign in and access resources in services such as Microsoft Office 365, the Azure portal, and SaaS applications, along with internal resources and other cloud-based apps. There is, however, some confusion between Azure AD and Windows AD, the perhaps better-known directory service for centralized domain management.
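As an added illustration of the visibility into verified versus unverified apps that the publisher-verification and consent-policy announcements above are about (example code, not Microsoft's), the script below audits delegated permission grants against each client app's publisher-verification status and models a simple "verified publishers and low-impact permissions only" user-consent policy. The service principals and grants are constructed JSON shaped like Microsoft Graph servicePrincipal objects (with the verifiedPublisher property) and oauth2PermissionGrant objects, trimmed to the fields used; the tenant ID, app names, and the scope classifications are hypothetical, and treating apps registered in the home tenant as trusted mirrors the built-in Azure AD policy but is an assumption here.

```python
"""Audit OAuth2 consent grants by publisher-verification status.

Added example, not Microsoft code. The JSON below is constructed to look
like trimmed Microsoft Graph responses; in a real tenant the same fields
would be read from /servicePrincipals and /oauth2PermissionGrants.
"""
import json

TENANT_ID = "a1b2c3d4-0000-0000-0000-000000000001"   # hypothetical home tenant

# Constructed: three apps with grants in the tenant. sp-1 is publisher-verified,
# sp-2 is an unverified multi-tenant app from another tenant, sp-3 is our own.
SERVICE_PRINCIPALS = json.loads("""
[
  {"id": "sp-1", "displayName": "Contoso Expense Sync",
   "appOwnerOrganizationId": "f00d0000-0000-0000-0000-000000000099",
   "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "1234567",
                         "addedDateTime": "2020-05-01T00:00:00Z"}},
  {"id": "sp-2", "displayName": "Mail Digest Helper",
   "appOwnerOrganizationId": "b4d00000-0000-0000-0000-000000000042",
   "verifiedPublisher": {"displayName": null, "verifiedPublisherId": null, "addedDateTime": null}},
  {"id": "sp-3", "displayName": "Internal Timesheets",
   "appOwnerOrganizationId": "a1b2c3d4-0000-0000-0000-000000000001",
   "verifiedPublisher": {"displayName": null, "verifiedPublisherId": null, "addedDateTime": null}}
]
""")

# Constructed delegated grants; "scope" is a space-separated string as in Graph.
OAUTH2_PERMISSION_GRANTS = json.loads("""
[
  {"id": "g-1", "clientId": "sp-1", "consentType": "AllPrincipals", "principalId": null,
   "scope": "User.Read Files.Read"},
  {"id": "g-2", "clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
   "scope": "Mail.ReadWrite offline_access"},
  {"id": "g-3", "clientId": "sp-3", "consentType": "AllPrincipals", "principalId": null,
   "scope": "User.Read"}
]
""")

# Assumed classification of delegated scopes; each tenant defines its own.
LOW_IMPACT_SCOPES = {"User.Read", "openid", "profile", "email", "offline_access"}
SENSITIVE_SCOPES = {"Mail.ReadWrite", "Mail.Read", "Files.ReadWrite.All", "Directory.ReadWrite.All"}


def is_publisher_verified(sp):
    """True when the app's publisher completed Microsoft's publisher verification."""
    vp = sp.get("verifiedPublisher") or {}
    return bool(vp.get("verifiedPublisherId"))


def is_tenant_owned(sp, tenant_id=TENANT_ID):
    """True when the app registration lives in our own tenant."""
    return sp.get("appOwnerOrganizationId") == tenant_id


def user_consent_allowed(sp, scopes):
    """Model of a 'verified publishers, low-impact permissions only' consent policy.

    Users may self-consent only when the client is publisher-verified or
    registered in this tenant, AND every requested scope is low impact.
    Anything else requires admin consent.
    """
    trusted_client = is_publisher_verified(sp) or is_tenant_owned(sp)
    return trusted_client and set(scopes) <= LOW_IMPACT_SCOPES


def audit_grants(service_principals, grants):
    """Return one finding per grant made to an unverified, externally owned app."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = by_id.get(g["clientId"])
        if sp is None:
            continue  # grant to a client not in the inventory snapshot
        scopes = g["scope"].split()
        if is_publisher_verified(sp) or is_tenant_owned(sp):
            continue
        findings.append({
            "app": sp["displayName"],
            "consent": g["consentType"],          # AllPrincipals = admin-wide, Principal = one user
            "scopes": scopes,
            "sensitive": sorted(set(scopes) & SENSITIVE_SCOPES),
            "user_consent_allowed_by_policy": user_consent_allowed(sp, scopes),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SERVICE_PRINCIPALS, OAUTH2_PERMISSION_GRANTS):
        print(finding)
```

The single finding is the unverified "Mail Digest Helper" holding Mail.ReadWrite for one user, which is exactly the kind of grant a verified-publisher consent policy would have pushed to an admin instead; existing grants are not revoked by a new policy, so an audit like this is the step that finds what users already consented to.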

Read More
