Security Articles

Cyber Threat Hunting – Overview and Techniques

Cyber Threat Hunting – Overview and Techniques

The key focus for most of Cyber Threat Defense and Response program is to achieve effective and efficient threat hunting capability. Organizations are investing signification effort and money in building the required competency and infrastructure. 

Threat hunting approach thus uses the intuitive and analytical ability of the human supported by the insights provided by tools using statistical, data modeling methods, machine learning, and artificial intelligence. 

Rule-based threat detection approach has many limitations (like static nature i.e. detection based on a pre-defined threshold value, inability to process data in high throughput scenario, the requirement to exponentially increase computing resources as the number of rules increases etc.) and threat hunting effectively compliments the rule-based approach by addressing the above-mentioned limitations.  

baseStriker Attack: A clever way of Phishing through Office-365

baseStriker Attack: A clever way of Phishing through Office-365

The dark world is changing its attack techniques every day. As far as the Phishing attack is the concern, many users are already aware of the traditional attack method and they are also capable of handling them to some extent. The security tools on the other hand also help significantly by their prevention mechanism before the phishing emails land upon user’s mailbox.

Now, a new major security flaw has been uncovered on Microsoft Office 365 called ‘baseStriker’, which is capable of completely bypassing Microsoft’s security, including its advanced services - ATP, Safelinks etc.

The ‘base’ in baseStriker:

The HTML <base> tag specifies the base URL/target for all relative URLs in a HTML document and there can be at maximum one <base> element in a HTML document, and it must be inside the <head> element.

Trends to influence Cyber Security and Security Transformation

Trends to influence Cyber Security and Security Transformation

Cyber Security practices are continuously improving and adapting to emerging business models, changing technology landscape as well as threat and attack landscape. 

Security needs to move in tandem with changing business and technology trends. Thus it’s prudent to make an attempt to understand the trends, foresee possible change required in prevailing practices and adapt accordingly.

Hereafter in this note, I am trying to present my viewpoint on the few trends which might require attention and initiate the effort to identify the potential solution to possible risks.

Business and Social Trends

Typosquatting Detection using Advanced Analytics

Typosquatting - the good, bad, and ugly

 

Let me get this out of the way first, there isn't much good about typosquatting, it's predominantly bad, and sometimes really ugly. Typosquatting is the registration of Internet domain names that appear similar to popular and reputable domains (e.g., vacebook.com instead of facebook.com). It is a common trick used by hackers who slightly misspell the name of a valid domain to fool the users wishing to access that domain. A study [1] conducted  in 2015 concluded that just for the top 500 most popular websites over 10,000 malicious typosquatting domain is produced daily. 

Planning AWS Platform Security Assessment ?

Nowadays most of the customers are working in AWS platform or planning to migrate their existing physical Infrastructure to Cloud. AWS Cloud is the most popular among the Cloud vendors available in the market.

Once your Infrastructure migrated and settled as Business as Usual into Cloud then your next major concern is to complete security assessment for AWS ready Infrastructure.  Assessors need not only to understand how the cloud works but additionally how to leverage the power of cloud computing to their advantage while conducting assessments

Please refer to the attached full article to know more about how to plan AWS platform security assessment.

 

Authored By - Rajib Das
TCS Cyber Security Community

An Introduction to Identity and Access Management

An Introduction to Identity and Access Management

Identity and Access Management (IAM) is a system with one or more applications to store and manage user identities in a centralized repository. IAM ensures that users who they say they are (authentication) and they can access the applications and resources they have permissions to (authorization). IAM also audits user access for every application accessed by the user for future reference.

Security Assurance practices to protect an Enterprise’s assets

Security Assurance practices to protect an Enterprise’s assets

Many Technology Industries says they are well protected from the Security threats due to their strong technical controls, management controls and validation processes and others says we wanted to implement the processes that give 100% protection. In general, every industry has Security policies and so many processes in place and the question is does these existing policies and processes alone provide security assurance to an enterprise.  This article highlights key best practices that would provide a security assurance to an enterprise.

The Security Assurance is level of confidentiality an enterprise can provide on their deployed IT Technology and Business Processes. The Cyber Security Framework and Standards would only provide a minimum level of security to an enterprise. However, the security assurance practices on each of the critical process may provide true confidentiality level to safeguard their assets.

To Gain Protection from Cyber Threats, Focus on Managed Threat Hunting

To Gain Protection from Cyber Threats, Focus on Managed Threat Hunting

Organizations are building its threat hunting as a service model to address specific cybersecurity threats. But a key to achieving threat hunting maturity is to take a risk-based approach to enterprise's IT assets and the cybersecurity investments made to support it. Moreover, organization CISOs should work with the board to focus on the impacts of potential cyber attacks on business operations and protect against risks. When adversaries make strides through an organization’s defenses, most security products fail to alert and detect the intrusion. 

To numb an attacker to freely roam around an organization's enterprise IT ecosystem for days, CISOs should increase their involvement in threat hunting spending decisions and build a robust cybersecurity strategy that involves in comprehensive threat hunting service complemented with incident response and SOC capabilities that detects and responds to malicious activities before a breach.

Business 4.0 Risks - The New World Order for the CISO

2017 saw an unprecedented rise in the list of cyber breaches and attacks. The data breach at Equifax resulted in hackers accessing Social Security numbers, driver’s licenses details of million Americans. The recent in the list of incidents is social media giant, Facebook, whose shares plunged by over $60 b$ in first two days, on account of misuse of personal data of 50 million Facebookers by British data analytics firm 'Cambridge Analytica’. In 2017, we saw an alarming level rise in Ransomware attacks and ransom payments hitting over $2 b$. WannaCry, NotPetya, Bad Rabbit Ransomware hit more than 500,000 machines globally necessitating some businesses to even suspend operations, or paying ransomware cases with cryptocurrencies being unavoidable in situations. The WannaCry infections were so bad that Microsoft had to release a patch overnight for Windows systems that it had long stopped supporting.

Secure Your Browser Now!!

Web browsers are vastly used a software application to access web resources and pages using the Internet.

The most popular web browsers so far are Firefox, Google Chrome, Internet Explorer, Safari, and Opera.

As we performed various tasks (eg bank transactions etc) on the internet using browsers, so browsers are primarily targeted by Cyber Criminals to perform malicious activities such as identity theft, malware spreading etc.

This article will enumerate a few best practices and techniques so that computer users stay safe and securely browse the Internet.

Pages

Subscribe to RSS - Security Articles