When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats.

NETSCOUT’s Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group.

To read this article in full, please click here

Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google Drive, and the US Postal Service to increase the chances of users falling victim.

HTML smuggling uses HTML5 attributes that can work offline by storing a binary in an immutable blob of data (or embedded payload) within JavaScript code, which is decoded into a file object when opened via a web browser. It is not a new attack method, but it has grown in popularity since Microsoft started blocking macros in documents from the internet by default, Trustwave SpiderLabs wrote. The four malware strains that have recently been detected using HTML smuggling in their infection chain are Cobalt Strike, Qakbot, IcedID, and Xworm RAT, the firm added.

To read this article in full, please click here

The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their OT networks.

“A number of the threats that Dragos tracks may evolve their disruptive and destructive capabilities in the future because adversaries often do extensive research and development (R&D) and build their programs and campaigns over time,” the Dragos researchers said in a newly released annual report. “This R&D informs their future campaigns and ultimately increases their disruptive capabilities.”

To read this article in full, please click here

A UK/US campaign to tackle international cybercrime has seen Seven Russian cybercriminals linked to a notorious ransomware group exposed and sanctioned. The sanctions were announced today by the UK’s Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the National Crime Agency (NCA) into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains, among others, a NCA posting read.

To read this article in full, please click here

Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense—no one undesirable got access.

Until they did. With the advent of cloud computing, the edge of a network is no longer protected by a firewall. In fact, the network no longer has an edge: in our work-from-anywhere environment in which any data center is now a boundary, we can no longer rely on traditional protection mechanisms. Security has become more about protecting identity rather than the network itself.

To read this article in full, please click here

Ask nearly any security leader whether they have adequate resources to protect their organization effectively and consistently, and you’ll likely hear an emphatic “No.” Given that an estimated 3.4 million people are needed to fill the global cybersecurity workforce gap, it’s no surprise that CISOs feel that they need more staff to safeguard their networks, let alone focus on more strategic priorities. And nearly 70% of leaders say this skills gap creates additional cyber risks for their business.  

To read this article in full, please click here