This has been an interesting year for cybersecurity news, and November is no different. Read on to find out the articles our team has been sharing and talking about at the (Zoom) water cooler. The Expedia/Booking.com breach Millions of Expedia and Booking.com customers’ data has been exposed. Prestige Software, a company responsible for a hotel reservation system used by booking.com and Expedia, was storing extremely sensitive data from as far back as 2013 on a misconfigured Amazon Web Services (AWS) S3 bucket.
You’re a nation-state threat actor trying to break into a NATO network.You get in, but what you don’t know is that you are being observed, and your every step is being manipulated by deception technology. We are proud to announce CounterCraft worked hand-in-hand over the last six months with NATO to design and execute a defense experiment that mimicked this very scenario. Various red teams infiltrated the network and fell for our deception tactics, revealing valuable threat intelligence on what would be, in the real world, very dangerous adversaries.
Frameworks do not need to sit in the Security Operations Centre (SOC) or be buried away as part of a workflow process. These frameworks can be a powerful visual tool in the hands of the CISO and allow them to paint a vivid picture of not only where the current security posture is for their organisation but also where it needs to be. The goal is to turn these frameworks into powerful tools that help you visualise your security roadmap.
Ransomware is one of the most intractable — and common — threats facing organizations globally across all sectors, and incidents of ransomware attacks continue to rise. Meanwhile, ransomware threat actors are adjusting their attack model to adapt to the improvements that organizations are making to recover from these attacks. There are multiple articles describing the ransomware history, starting from AIDS, the first known ransomware sample, to the newest families with advances that make them almost impossible to stop.
Windows XP was one of the most successful Microsoft operating systems. Released in 2001, according to Wikipedia, “Upon its release, Windows XP received critical acclaim, with critics noting increased performance and stability (especially in comparison to Windows Me), a more intuitive user interface, improved hardware support, and expanded multimedia capabilities.” Windows XP mainstream support ended in 2009, while the extended support ended in 2014. Nevertheless, due to the fact that Windows XP was still in use by many organizations (specifically in Point of Service (PoS) devices), additional support was extended until 2019.
Welcome to the second part of our blog post focusing on insider threats that can be overlooked by many CISOs. But, first of all, let us have a quick recap on the main points that we raised in part one of the blog post. Recap: The scale of the problem As we saw in our first blog post on insider threats and the Rule of Three, the Ponemon report in 2020 provided some interesting data points that help to accurately quantify and qualify the insider risk:
Last week, CounterCraft attended the Gartner Security & Risk Management Summit. This year, the event was virtual, and it was a very insightful experience that helped us connect with the challenges and needs of the end client as well as listen to the analyst recommendations. The highlight for us was, of course, the talk about cyber deception given by the analyst Pete Shoard and titled “Deception Should Be Part of Your Threat Detection Strategy”.
When it comes to looking at how to deal effectively with insider risk, not many security leaders will be thinking of deploying cyber deception to deal effectively with this problem. In fact, many leaders may think intuitively that the problem belongs in a different department (legal, internal investigations, etc.) and it is not part of their remit. However, every CISO needs to be part of the stakeholder group that deals with insider risk.
TL;DR - Quick Overview MITRE has released Shield this August to great community approval. Shield is the defensive partner to the well known ATT&CK Matrix that defines threat actor activity. Shield is a set of defensive techniques that defend and protect against specific threat actor actions. This is a massive step forward for defensive teams in conceptualising and communicating defensive tactics, techniques and procedures. CounterCraft has already integrated the Shield Matrix and ATT&CK mappings into our proactive defensive platform.
It’s pretty common to think about security as a whole, to think about it as a uniform process where all the information needs to be safeguarded. It’s true that you have to protect all your infrastructure and data, but it’s also true that not all your information is equally sensitive. There are probably some assets that require extra attention, some that pose a bigger risk in case they are compromised. It makes sense then to make more of an effort in order to protect what can do the biggest damage.
Page 1 of 9
