Singapore Businesses Struggling to Cope with Network and Ransomware Attacks
CISOMAG, September 22, 2021 at 4:17 pm

The post Singapore Businesses Struggling to Cope with Network and Ransomware Attacks appeared first on CISO MAG | Cyber Security Magazine.

While Singapore is accelerating its digital transformation capabilities, cybersecurity standards remain a severe concern for organizations in the country. New research from Barracuda Networks revealed that network and ransomware attacks have become a challenge for organizations in Singapore, as most of them are falling victim to serious security repercussions. In its State of Network Security in 2021, Barracuda found that nearly 72% of Singapore businesses have fallen victim to a network attack, and 62% had sustained at least one ransomware attack last year.

Why Singapore companies are unable to repel cyberthreats

The research identified multiple reasons why Singaporean businesses are struggling to thwart network attacks. The remote working environment was identified as one of the biggest hurdles to mitigating cyberattacks: companies with a remote workforce had a higher network security breach rate (77%) than companies with employees working from the office (67%). Since home networks are not as well secured as corporate networks, work-from-home employees are more exposed to intrusions.

Other Key Findings

Over 96% of Singapore employees with company-issued devices share their home internet connection with other household members, leading to severe cybersecurity risks.
Businesses’ reliance on web-based apps makes them an attractive target for cybercriminals.
Singapore companies have at least 24 Software-as-a-Service (SaaS) apps deployed, with 50% of all traffic being directed to public cloud providers.

Defending Cyberattacks

The research also found that network breaches, ransomware attacks, and remote-work issues underscore the need for cloud-native Secure Access Service Edge (SASE) deployments in Singapore. Nearly 33% of Singapore businesses have deployed a Software-defined Wide Area Network (SD-WAN) to connect users to applications securely. And 58% of those yet to deploy SD-WAN said they are planning to do so in the future. Similarly, 42% of Singapore companies with most of their apps in the public cloud said they had already deployed Zero Trust Network Access (ZTNA) to secure their apps, while 54% plan to in the future.

“Singapore businesses are continuing to experience network breaches and ongoing security challenges as they adapt to hybrid work environments. As businesses in the city-state increasingly rely on SaaS applications and the public cloud to improve their user experience and security, we are also seeing them starting to embrace SASE technologies, which can only be a good thing,” said James Wong, Regional Director for Southeast Asia and Korea, Barracuda.

Numando Banking Trojan Abuses YouTube, Pastebin and other Public Platforms
CISOMAG, September 22, 2021 at 1:30 pm

The post Numando Banking Trojan Abuses YouTube, Pastebin and other Public Platforms appeared first on CISO MAG | Cyber Security Magazine.

ESET Research has analyzed the Numando banking Trojan as part of its series on malware in Latin America. Like the other malware families in that series, Numando uses fake overlay windows, backdoor functionality, and public services such as YouTube and Pastebin, which it abuses to store its remote configuration.

The threat actor behind it has been reported active since 2018, and it keeps introducing new techniques to this group of Latin American banking Trojans. The malware is written in Delphi.

Numando is delivered in ZIP archives or bundled with decoy BMP images: large, valid images that open and display normally. Its backdoor capabilities allow it to shut down the machine by simulating mouse and keyboard actions, display overlay windows, take screenshots, and kill browser processes. The fake overlay windows are used to entice victims into entering sensitive information and financial credentials.

How it Works

Campaigns and phishing emails are the typical mode of distribution for the banking Trojan.

A .ZIP file is sent to victims as a decoy
The file contains a .CAB archive bundled with a legitimate software application, an injector, and the Trojan
A large .BMP file masks the malware
When the legitimate application is executed, the injector is side-loaded and the malware is decrypted with an XOR algorithm and a key
Numando abuses public services such as Pastebin and YouTube for distribution
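The delivery chain above has a recognisable shape from the defender's side: a ZIP that carries a CAB archive and an oversized BMP whose real image is far smaller than the file. The following Python is an added example written for this page, not ESET's tooling or any Numando artifact; it triages an archive statically (nothing is executed) and flags a nested CAB, Windows executables, large BMPs, and BMPs carrying trailing data past the size their own header declares. The thresholds, file names and sample bytes are constructed for the example.

```python
import io
import struct
import zipfile

# Hypothetical thresholds for this added triage heuristic (not from ESET's analysis).
LARGE_BMP_BYTES = 1_000_000
EXECUTABLE_EXTS = (".exe", ".dll")


def bmp_overlay_bytes(data: bytes) -> int:
    """Return how many bytes trail the image a BMP header declares.

    A BMP file header stores the total file size as a little-endian uint32
    at offset 2.  Any data beyond that size is not part of the picture and an
    image viewer ignores it, so the file still opens as a valid image.
    """
    if len(data) < 14 or data[:2] != b"BM":
        return 0
    declared_size = struct.unpack_from("<I", data, 2)[0]
    return max(0, len(data) - declared_size)


def triage_zip(zip_bytes: bytes) -> dict:
    """Statically triage a ZIP archive for the bundle shape described above.

    Flags a .CAB nested in the ZIP, Windows executables, oversized BMPs and
    BMPs carrying trailing data.  The archive is only read, never executed.
    """
    findings = {"cab": [], "executables": [], "large_bmp": [],
                "bmp_overlay": {}, "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(".cab"):
                findings["cab"].append(info.filename)
            elif name.endswith(EXECUTABLE_EXTS):
                findings["executables"].append(info.filename)
            elif name.endswith(".bmp"):
                if info.file_size >= LARGE_BMP_BYTES:
                    findings["large_bmp"].append(info.filename)
                overlay = bmp_overlay_bytes(zf.read(info))
                if overlay:
                    findings["bmp_overlay"][info.filename] = overlay
    # Heuristic verdict: a CAB inside a ZIP, or an image with hidden trailing
    # data, is enough to route the archive to a sandbox or an analyst.
    findings["suspicious"] = bool(findings["cab"]) or bool(findings["bmp_overlay"])
    return findings


def make_bmp(overlay: bytes = b"") -> bytes:
    """Build a valid 1x1 24-bit BMP (constructed test data); `overlay` is
    appended past the declared file size to mimic hidden trailing data."""
    pixels = b"\x00\x00\xff\x00"  # one blue pixel, row padded to 4 bytes
    file_size = 14 + 40 + len(pixels)
    file_header = b"BM" + struct.pack("<IHHI", file_size, 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels + overlay


def build_zip(members: dict) -> bytes:
    """Write an in-memory ZIP from a {name: bytes} mapping (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one archive shaped like the described bundle, one benign.
SUSPICIOUS_ZIP = build_zip({
    "picture.bmp": make_bmp(overlay=b"\x00" * 64),
    "setup.cab": b"MSCF" + b"\x00" * 32,   # placeholder CAB bytes, not a real archive
    "viewer.exe": b"MZ" + b"\x00" * 62,    # placeholder executable header
})
BENIGN_ZIP = build_zip({"picture.bmp": make_bmp(), "notes.txt": b"quarterly figures"})

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_ZIP), ("benign", BENIGN_ZIP)):
        print(label, triage_zip(sample))
```

The overlay check is the part worth keeping even when the other indicators change: a valid picture with a declared size smaller than the file is a generic sign of something appended behind an image, and it costs one header read per member. Treat the verdict as a routing decision for a mail gateway or sandbox queue, not as a malware conviction.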

On being informed, Google took down many of these videos used to spread the Trojan. The main target regions have been Brazil and some areas of Mexico and Spain.

Banking customers are advised to follow security best practices and to be extra vigilant about the active Trojan.

Banking Trojan Explained

According to Investopedia, a banking Trojan is a piece of malware that attempts to steal credentials from a financial institution’s clients or gain access to their financial information. Many times, a banking Trojan will use a spoofed website of a financial institution to redirect client data to the attacker.

Like other Trojan horses, a banking Trojan often appears innocuous but can cause harm if downloaded and installed onto a device or computer.

See also: What You Need to Know Now About Banking Trojans

Top Banking Trojans

Per Heimdal Security, here is a list of banking malware/Trojans that have been wreaking havoc in the banking sector:

Zbot/Zeus: Trojan infects Windows users and tries to retrieve confidential information from the infected computers.

Zeus Gameover: Financial stealing malware relies upon a peer-to-peer botnet infrastructure.

SpyEye: Data-stealing malware (similar to Zeus) created to siphon off money from online bank accounts.

Shylock: Banking malware crafted to retrieve user’s banking credentials for fraudulent purposes.

DanaBot: A banking malware with multiple variants that function as malware-as-a-service, with several active affiliates that keep growing.

TrickBot: Malware targets the financial information and credentials of the user and spreads through malicious spam emails.

Panda: A banking Trojan that uses many of Zeus’s malware techniques like man-in-the-browser and keylogging but has advanced stealth capabilities.

Kronos: One of the most sophisticated Trojans, with code obfuscated using a multitude of techniques. It focuses on stealing banking login credentials from browser sessions using a combination of web injections and keylogging. It has reportedly been given a new identity and is sold as the Osiris banking Trojan.

Bizarro: The malware spreads via malicious links contained in spam emails, pilfering consumer financial information and mobile crypto wallets as it spreads.

A Trend Micro report revealed that the banking industry experienced a 1,318% year-on-year increase in ransomware attacks in the first half of 2021. Banking malware and local Trojans are going global, exploiting the COVID-19 pandemic worldwide, luring new victims, and expanding their reach.

Personal Data of 106 Mn Visitors to Thailand Left Exposed Online
CISOMAG, September 22, 2021 at 9:35 am

The post Personal Data of 106 Mn Visitors to Thailand Left Exposed Online appeared first on CISO MAG | Cyber Security Magazine.

Thailand is one of the popular tourist destinations with a large number of visitors from across the world. While the country is looking forward to welcoming tourists post-pandemic, a recent data breach incident has left a bitter experience among millions of travelers who visited Thailand in the last 10 years.

Bob Diachenko, cybersecurity researcher and security leader at Comparitech, discovered an unprotected Elasticsearch server exposing the personal data of over 106 million international travelers to Thailand. The unsecured database, which included tourists’ sensitive information such as full names, passport numbers, and arrival dates, was reachable online, allowing anyone to access the data. Diachenko also confirmed that the leaky server exposed his own name and entries to Thailand. The database has since been secured after he reported the issue to the Thai authorities.

Diachenko claimed that any tourist who traveled to Thailand in the last 10 years might have had their personal data exposed in the incident.

What was exposed in the breach

The database hosted over 200GB of users’ data (more than 106 million records). The exposed information included:

Date of arrival in Thailand
Full name
Sex
Passport number
Residency status
Visa type
Thai arrival card number

The Breach Impact

The Thai authorities stated that there is no sign of any misuse of the leaked data. While no financial data was leaked in the incident, the other exposed information could lead to various security risks if threat actors access it.

“Any foreigner who traveled to Thailand in the last decade or so probably has a record in the database. There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues. None of the information exposed poses a direct financial threat to the majority of data subjects. No financial or contact information was included. Although passport numbers are unique to individuals, they are assigned sequentially and are not particularly sensitive. For example, a passport number can’t be used to open bank accounts or travel in another person’s name on its own,” Diachenko stated.

Unsecure Databases Attract Threat Actors

Threat actors are always on the hunt for unsecured servers. In this case, there is no evidence of how long the database was left exposed before Diachenko’s disclosure. However, a honeypot was planted to monitor hacker intrusions.

“Notably, the IP address of the database is still public, but the database itself has been replaced with a honeypot as of the time of writing. Anyone who attempts access at that address now receives the message: This is honeypot, all access were logged,” Diachenko added.

A honeypot is a security mechanism used to detect or counteract unauthorized intrusions into network and information systems. An earlier honeypot experiment by Comparitech found that attackers find and access unprotected databases within hours. The company set up an Elasticsearch server holding a dummy database with fake data to measure how quickly attackers would go after it. Comparitech left the data exposed from May 11 until May 22, 2020. It recorded 175 attacks in just eight hours after the server was deployed, with attacks in a single day totaling 22.
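The exposure described in this story comes down to an Elasticsearch HTTP API that was bound to a reachable address with no authentication in front of it. The Python below is an added example, not part of the report and not Comparitech's or Diachenko's tooling: it audits two constructed `elasticsearch.yml` fragments, one with the weak settings that produce exactly this kind of exposure and one hardened, and returns the settings that leave the API open. The setting names (`network.host`, `xpack.security.enabled`, `xpack.security.http.ssl.enabled`) are real Elasticsearch options; the cluster name, address and the flat key/value parser are assumptions of the example, and the real server's configuration is not known from the report.

```python
# Constructed elasticsearch.yml fragments for this added example; the real
# server's configuration is not known from the report.
WEAK_CONFIG = """\
cluster.name: arrivals
network.host: 0.0.0.0          # listens on every interface, including public ones
http.port: 9200
xpack.security.enabled: false  # no authentication on the REST API
"""

HARDENED_CONFIG = """\
cluster.name: arrivals
network.host: 10.0.5.12        # private address only (assumed)
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""

# Bind values that expose the HTTP API on all interfaces. "_global_" is
# Elasticsearch's special value for any globally-scoped address.
WIDE_OPEN_HOSTS = {"0.0.0.0", "::", "_global_"}


def parse_settings(text: str) -> dict:
    """Parse flat `key: value` lines with optional `#` comments.

    Enough for these fragments; it is not a full YAML parser.
    """
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_settings(settings: dict) -> list:
    """Return the keys whose values leave the HTTP API reachable without auth or TLS.

    network.host is only flagged when set to a wide-open value; when absent,
    Elasticsearch defaults to loopback.  Security and HTTP TLS must be
    explicitly "true" to pass, so an absent key is reported as a finding.
    """
    findings = []
    if settings.get("network.host", "") in WIDE_OPEN_HOSTS:
        findings.append("network.host")
    if settings.get("xpack.security.enabled", "").lower() != "true":
        findings.append("xpack.security.enabled")
    if settings.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings.append("xpack.security.http.ssl.enabled")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_settings(parse_settings(cfg)) or "no findings")
```

A configuration audit like this catches the misconfiguration before deployment; the complementary runtime check is an unauthenticated request to port 9200 from outside the trusted network, which should be refused rather than answer with cluster details. Neither replaces putting the node behind a private network or a reverse proxy that enforces authentication.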

Cybersecurity – The Path of Most Resistance
CISOMAG, September 22, 2021 at 5:30 am

The post Cybersecurity – The Path of Most Resistance appeared first on CISO MAG | Cyber Security Magazine.

In a very short timeline, computers and electronic technology have drastically changed the way humans live. We have welcomed these devices into our lives to increase convenience and make the most of the things we do easier in our day-to-day lives. The relationship with technology has generally been a very enjoyable experience. Many people enjoy the convenience of technology so much they claim they would be lost without their cell phone, as in literally lost. However, there are some aspects of our relationship with computers that many people find an ever-increasing frustration, enter the password. Passwords and other cybersecurity features are the necessary evil we all tolerate to make sure our computer use is an enjoyable experience and not a string of random fraud and crimes happening on your cellphone or laptop.

By Dick Wilkinson, Chief Technology Officer, Proof Labs

Customers find security features tolerable, not enjoyable. Customers of technology have seen a trend over the decades. The trend calls for smaller devices with fewer buttons, fewer switches, and endless physical interaction with your network or device. The user experience is becoming almost completely touchless and seamless. Voice assistants, like Alexa or Google Home, are the perfect example of what users have always wanted their computers to be: interactive, easy, powerful, and touchless. A serious problem occurs when security features of any new technology slow down the user experience, add physical touches or additional clicks, and require focus and time to make them happen exactly right, or you are locked out of your session. All these interactions are a nuisance to the user. Security has established itself as the path of most resistance in the life of a technology customer.

The path to least resistance causes breaches

Security features are difficult to navigate and create a problem that is often easy to overcome, enter the workaround. Humans by our nature will seek the path of least resistance to get a task done. No matter how serious or trivial the task, we expect to find or create the easiest series of steps to complete the work. Many modern jobs happen in an office with computers and the tasks become repetitive and time-consuming even with the help of computers. The employees completing these repetitive tasks are always seeking the path of least resistance, and that is a good thing. You want to nurture efficiency in your company; letting employees be creative is a great way to find those efficient methods. That creative nature quickly runs afoul of security, which is policy-driven, structured, and immovable by design.

IT security uses rules and rigidness to ensure only the right people get access to only the right information. Security creates digital gates and fences and shuts off access to the path of least resistance. You must go out of your way to pass through our digital gates, or you will never get to the data you are looking for. The earlier example of passwords becomes even more effective to illustrate the disconnect from user expectations that are perpetrated by the security industry. A single username and password challenge is a simple gate to pass through. So easy in fact, that multifactor authentication, or MFA, was created.

Barriers to security

One gate was not enough, we have now introduced multiple gates that require multiple “keys” to pass. That is the exact opposite of what a user wants; they want zero passwords, not extra passwords to make sure the first password works properly. People are smart and have realized that passing through the digital gate is only one option, you can also jump over the fence.

An employee is working with a customer and needs to receive several large files. The files won’t make it through your corporate email scanners/filters because they have odd file extensions or types. There are also restrictions on attachment sizes. To get around this limitation, the employee logs into their personal free email account on their corporate computer and downloads the files onto the corporate machine. Your $20,000 per year email gate was just jumped over for free and the task was completed on time. You also now have malware in your corporate network. The security feature was immovable without serious levels of effort to contact several people and ask permission for an alternative way to get these files. The path of least resistance was visible, so the employee took it. The worst part of this whole scenario is if the security team finds out about the fence hopping, they will create even more fences and gates to lock things down even tighter, leading to even more scenarios where employees might look for a different path. Security increases the resistance when incidents happen. The balance of security versus usability is not sought out but instead made worse to ensure compliance…To read the full story, subscribe to CISO MAG.

This story first appeared in the August 2021 issue of CISO MAG.

About the Author

Dick Wilkinson is the Chief Technology Officer at Proof Labs. He also served as the CTO on staff with the Supreme Court of New Mexico. He is a retired Army Warrant Officer with 20 years of experience in the intelligence and cybersecurity field. He has led diverse technical missions ranging from satellite operations, combat field digital forensics, enterprise cybersecurity as well as cyber research for the Secretary of Defense.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

The post Cybersecurity – The Path of Most Resistance appeared first on CISO MAG | Cyber Security Magazine.

In a very short timeline, computers and electronic technology have drastically changed the way humans live. We have welcomed these devices into our lives to increase convenience and make the most of the things we do easier in our day-to-day lives. The relationship with technology has generally been a very enjoyable experience. Many people enjoy the convenience of technology so much they claim they would be lost without their cell phone, as in literally lost. However, there are some aspects of our relationship with computers that many people find an ever-increasing frustration, enter the password. Passwords and other cybersecurity features are the necessary evil we all tolerate to make sure our computer use is an enjoyable experience and not a string of random fraud and crimes happening on your cellphone or laptop.

By Dick Wilkinson, Chief Technology Officer, Proof Labs

Customers find security features tolerable, not enjoyable. Customers of technology have seen a trend over the decades. The trend calls for smaller devices with fewer buttons, fewer switches, and endless physical interaction with your network or device. The user experience is becoming almost completely touchless and seamless. Voice assistants, like Alexa or Google Home, are the perfect example of what users have always wanted their computers to be: interactive, easy, powerful, and touchless. A serious problem occurs when security features of any new technology slow down the user experience, add physical touches or additional clicks, and require focus and time to make them happen exactly right, or you are locked out of your session. All these interactions are a nuisance to the user. Security has established itself as the path of most resistance in the life of a technology customer.

The path to least resistance causes breaches

Security features are difficult to navigate and create a problem that is often easy to overcome, enter the workaround. Humans by our nature will seek the path of least resistance to get a task done. No matter how serious or trivial the task, we expect to find or create the easiest series of steps to complete the work. Many modern jobs happen in an office with computers and the tasks become repetitive and time-consuming even with the help of computers. The employees completing these repetitive tasks are always seeking the path of least resistance, and that is a good thing. You want to nurture efficiency in your company; letting employees be creative is a great way to find those efficient methods. That creative nature quickly runs afoul of security, which is policy-driven, structured, and immovable by design.

IT security uses rules and rigidness to ensure only the right people get access to only the right information. Security creates digital gates and fences and shuts off access to the path of least resistance. You must go out of your way to pass through our digital gates, or you will never get to the data you are looking for. The earlier example of passwords becomes even more effective to illustrate the disconnect from user expectations that are perpetrated by the security industry. A single username and password challenge is a simple gate to pass through. So easy in fact, that multifactor authentication, or MFA, was created.

Barriers to security

One gate was not enough, we have now introduced multiple gates that require multiple “keys” to pass. That is the exact opposite of what a user wants; they want zero passwords, not extra passwords to make sure the first password works properly. People are smart and have realized that passing through the digital gate is only one option, you can also jump over the fence.

An employee is working with a customer and needs to receive several large files. The files won’t make it through your corporate email scanners/filters because they have odd file extensions or types, and there are also restrictions on attachment sizes. To get around this limitation, the employee logs into their personal free email account on their corporate computer and downloads the files onto the corporate machine. Your $20,000 per year email gate was just jumped over for free, and the task was completed on time. You also now have malware in your corporate network. The security feature was immovable without serious effort: contacting several people and asking permission for an alternative way to get these files. The path of least resistance was visible, so the employee took it. The worst part of this whole scenario is that if the security team finds out about the fence hopping, they will create even more fences and gates to lock things down even tighter, leading to even more scenarios where employees might look for a different path. Security increases the resistance when incidents happen. The balance of security versus usability is not sought out but instead made worse to ensure compliance… To read the full story, subscribe to CISO MAG.

This story first appeared in the August 2021 issue of CISO MAG.

About the Author

Dick Wilkinson is the Chief Technology Officer at Proof Labs. He also served as the CTO on staff with the Supreme Court of New Mexico. He is a retired Army Warrant Officer with 20 years of experience in the intelligence and cybersecurity field. He has led diverse technical missions ranging from satellite operations and combat field digital forensics to enterprise cybersecurity and cyber research for the Secretary of Defense.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

Ongoing Credential Harvesting Campaign Targets Government Agencies in APAC, EMEA (CISO MAG, September 21, 2021, 2:56 pm)

The post Ongoing Credential Harvesting Campaign Targets Government Agencies in APAC, EMEA appeared first on CISO MAG | Cyber Security Magazine.

Security researchers uncovered a widespread credential harvesting campaign targeting government agencies across seven countries in the Asia-Pacific (APAC), Europe, and the Middle East and Africa (EMEA) regions. The ongoing credential harvesting campaign has been active since the beginning of 2020, security researchers at threat intelligence firm Cyjax discovered.

See also: What are Credential Stuffing Attacks and How to Prevent Them

Credential harvesting is the process of gathering compromised user credentials, such as usernames and passwords. Attackers use various phishing techniques to harvest user credentials and misuse them to their advantage.

Researchers found multiple phishing pages, hostnames, and domains targeting national agencies in Kyrgyzstan, Georgia, Turkmenistan, Ukraine, Pakistan, Belarus, and Uzbekistan. Of the 50 hostnames analyzed, most impersonated the Ministry of Foreign Affairs, Ministry of Finance, and Ministry of Energy of Uzbekistan, Belarus, and Turkey. Threat actors also impersonated the Main Intelligence Directorate of Ukraine and the Pakistan Navy.

Other departments targeted in the credential harvesting campaign include:

Information Technology (9.6%)
Telecom (3.8%)
Agriculture (1.9%)
Legal (5.8%)
Real Estate (3.8%)
Water (5.8%)
Education (3.8%)
Energy (1.9%)
Finance (9.6%)
Media (3.8%)
Transportation (5.8%)
Military (5.8%)
Foreign Affairs (21.2%)

Attackers distributed credential harvesting pages posing as mail server login portals for various government departments. Most of the phishing domains in this campaign began with “mail.” followed by the real domain name of the targeted government agency. The attackers are suspected to have registered the fake domain names through Tucows, PublicDomainRegistry, OVH SAS, or VDSINA.
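The pattern described above, a hostname that starts with “mail.” and embeds the real agency domain while actually being registered somewhere else, is something a defender can screen for automatically in passive-DNS or certificate-transparency feeds. The following Python example is added here and is not code from CISO MAG or Cyjax; the protected agency domains, the observed hostnames, and the two-label rule used to decide the registrable domain are all constructed assumptions for illustration.

```python
"""Flag hostnames that imitate an agency's mail login portal.

Added example, not code from the CISO MAG article or the Cyjax report.
The protected domains and observed hostnames are constructed placeholders.
"""

# Constructed: the domains of the agencies we protect (placeholders, not real).
PROTECTED = {"mfa.example-gov.test", "finance.example-gov.test"}

# Constructed: hostnames as they might arrive from a passive-DNS or
# certificate-transparency feed. None of these are real.
OBSERVED = [
    "mail.mfa.example-gov.test",                              # the agency's own portal
    "mail.mfa.example-gov.test.attacker-controlled.example",  # agency name embedded as subdomain labels
    "mail-mfa-example-gov.example",                           # dots swapped for hyphens, suffix dropped
    "mail.finance-example-gov-test.example",                  # whole agency domain flattened into one label
    "mail.unrelated.example",                                 # unrelated host, must not be flagged
    "webmail.mfa.example-gov.test",                           # legitimate, different prefix
]


def registrable_domain(hostname):
    """Last two labels of the hostname.

    Assumption: a one-label public suffix. Production code should use the
    Public Suffix List (for example via the tldextract package) instead.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def squash(s):
    """Drop dots and hyphens so 'mfa-example-gov' and 'mfa.example-gov' compare equal."""
    return s.lower().replace(".", "").replace("-", "")


def is_impersonating(hostname, protected=PROTECTED):
    """True when the hostname embeds a protected agency's name but is not
    registered under that agency's own domain."""
    host = hostname.lower().rstrip(".")
    if registrable_domain(host) in {registrable_domain(p) for p in protected}:
        return False  # genuinely under an agency domain, whatever the prefix
    flat = squash(host)
    for real in protected:
        org_part = real.rsplit(".", 1)[0]  # 'mfa.example-gov' without its suffix
        if squash(org_part) in flat:
            return True
    return False


def lookalike_verdicts(hostnames, protected=PROTECTED):
    """Map every observed hostname to an impersonation verdict."""
    return {h: is_impersonating(h, protected) for h in hostnames}


def mail_portal_lookalikes(hostnames, protected=PROTECTED):
    """The high-priority subset: impersonations whose first label starts with
    'mail', matching the pattern the report describes."""
    return sorted(h for h in hostnames
                  if h.lower().split(".")[0].startswith("mail")
                  and is_impersonating(h, protected))


if __name__ == "__main__":
    for host, flagged in lookalike_verdicts(OBSERVED).items():
        print(("FLAG " if flagged else "ok   ") + host)
    print("mail-portal lookalikes:", mail_portal_lookalikes(OBSERVED))
```

The check deliberately ignores the prefix when deciding legitimacy: anything whose registrable domain is the agency's own passes, so the agency's real “mail.” and “webmail.” hosts are never flagged. Matching on the squashed organisation part catches the hyphenated and flattened variants, but for agencies with very short names the substring test will over-match, so in practice pair it with a minimum length or an exact-label comparison.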

“The threat actors behind this campaign appear to be targeting the email portals of these government departments, potentially as part of an intelligence-gathering campaign. Access to government ministries, particularly a Ministry of Foreign Affairs, is a key part of most nation-state hacking groups’ targeting. This campaign’s main targets, with the most number of phishing pages, appear to be Belarus, Ukraine, and Uzbekistan,” Cyjax said.

Believed to be an APT Campaign

While the threat actors behind the campaign are unknown, Cyjax linked the ongoing phishing campaign to state-sponsored APT actors.

“The targeting more generally suggests that this could be the work of an advanced persistent threat (APT) working on behalf of a nation-state. While it is, however, possible that this could be a cybercriminal campaign looking to serve as an access broker on underground forums, many of the countries targeted are Russian satellites or Russia itself, countries that many cybercriminals do not target to prevent attention from local law enforcement. Considering the narrow targeting and lack of immediate financial benefit, therefore, we believe this activity is more aligned to a state-sponsored APT campaign,” Cyjax added.

What are Credential Stuffing Attacks and How to Prevent Them (CISO MAG, September 21, 2021, 8:57 am)

The post What are Credential Stuffing Attacks and How to Prevent Them appeared first on CISO MAG | Cyber Security Magazine.

Thwarting cyberattacks has become highly complicated today. Unauthorized intrusions have seen a surge despite security measures implemented by internet users and corporates to safeguard their accounts and data. These intrusions often expose consumers to credential stuffing attacks, making it even more difficult for organizations to detect and respond.

By Rudra Srinivas, Feature Writer, CISO MAG

What are Credential Stuffing Attacks?

In credential stuffing attacks, threat actors use stolen or leaked credentials, such as usernames and passwords, to break into user accounts illicitly. Adversaries launch a credential stuffing attack by feeding a list of compromised usernames and passwords to botnets or automated tools that attempt to authenticate with each pair on many websites.

After compromising user accounts, attackers carry out identity theft, phishing, impersonation scams, and other forms of data abuse. They mainly obtain user credentials from data breaches or purchase them on dark web underground markets.

Credential Stuffing vs Brute Force Attacks

In brute-force attacks, attackers guess passwords using dictionaries or common word combinations to penetrate user accounts. In credential stuffing attacks, by contrast, hackers rely on legitimate credentials obtained from data leaks and misconfigured servers.

Successful credential stuffing attacks allow hackers to:

Trade compromised account credentials on the dark web.
Commit e-commerce fraud.
Run corporate espionage campaigns.
Commit identity theft.
Launch brand impersonation attacks.

Credential Stuffing Attack Landscape

Compared to brute-force attacks, credential stuffing attacks are easy to execute and have a higher success rate because most users keep or reuse the same passwords across different accounts. This allows adversaries to compromise multiple accounts after gaining access to one. The easy availability of stolen or leaked credentials in underground darknet markets has driven the rise of credential stuffing and account takeover (ATO) attacks.

According to a report, the number of corporate credentials with plaintext passwords on the darknet market has increased by 429% since March 2020. Hackers can also monitor an organization’s corporate network and access sensitive data, intellectual property, competitive information, or funds. Several industry sectors have sustained the rise of credential stuffing attacks lately. As per a survey report, credential stuffing attacks on the media industry have increased: nearly 20% of the 88 billion total credential stuffing attacks were reported against media and video streaming companies. The report also found a 63% year-over-year increase in attacks against the media sector, followed by broadcast TV (630%) and video sites (208%).

Prevention

Strong usernames and passwords won’t prevent hackers from accessing user accounts. Here are some security measures to protect online accounts against credential stuffing attacks:

Enable passwordless authentication.
Use continuous authentication systems, such as biometrics or behavioral patterns, to verify the user’s authenticity.
Enable Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA).
Avoid reusing leaked or breached credentials.
Check whether your credentials or personal data have been exposed in any data breach at Have I Been Pwned (haveibeenpwned.com).
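The distinction drawn in “Credential Stuffing vs Brute Force Attacks” shows up clearly in authentication logs, and the prevention measures above are easier to prioritise once you can tell which one you are facing. The following Python example is added here and is not part of the CISO MAG article: it classifies login attempts from constructed authentication log lines, flagging a source that tries a fresh username on nearly every attempt as credential stuffing, a source that hammers one account as brute force, and any account that authenticated successfully from a stuffing source as an account-takeover candidate. The log format, the field names, and the thresholds are assumptions.

```python
"""Classify login-failure patterns as credential stuffing vs. brute force.

Added example, not code from the CISO MAG article. The log format and the
thresholds are assumptions; adapt LINE_RE to your IdP's or web server's
authentication log before use.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log (not real data): one line per login attempt.
SAMPLE_LOG = """\
2021-09-21T08:57:01Z src=203.0.113.7 user=alice result=fail
2021-09-21T08:57:01Z src=203.0.113.7 user=bob result=fail
2021-09-21T08:57:02Z src=203.0.113.7 user=carol result=fail
2021-09-21T08:57:02Z src=203.0.113.7 user=dave result=ok
2021-09-21T08:57:03Z src=203.0.113.7 user=erin result=fail
2021-09-21T08:57:03Z src=203.0.113.7 user=frank result=fail
2021-09-21T08:57:04Z src=203.0.113.7 user=grace result=fail
2021-09-21T08:57:04Z src=203.0.113.7 user=heidi result=fail
2021-09-21T08:57:10Z src=198.51.100.9 user=admin result=fail
2021-09-21T08:57:11Z src=198.51.100.9 user=admin result=fail
2021-09-21T08:57:12Z src=198.51.100.9 user=admin result=fail
2021-09-21T08:57:13Z src=198.51.100.9 user=admin result=fail
2021-09-21T08:57:14Z src=198.51.100.9 user=admin result=fail
2021-09-21T08:57:15Z src=198.51.100.9 user=admin result=fail
2021-09-21T08:57:20Z src=192.0.2.44 user=ivan result=fail
2021-09-21T08:57:25Z src=192.0.2.44 user=ivan result=ok
"""

# Assumed log layout: timestamp, source address, username, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

MIN_ATTEMPTS = 5            # assumption: fewer attempts give too little signal
STUFFING_USER_RATIO = 0.8   # assumption: nearly every attempt uses a new username


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)


def parse_log(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def stats_by_source(events):
    """Aggregate attempts, failures and distinct usernames per source address."""
    stats = defaultdict(SourceStats)
    for ev in events:
        s = stats[ev["src"]]
        s.attempts += 1
        s.users.add(ev["user"])
        if ev["result"] == "fail":
            s.failures += 1
    return stats


def classify_source(s):
    """Stuffing: many distinct users, one try each. Brute force: one user, many tries."""
    if s.attempts < MIN_ATTEMPTS:
        return "benign"
    if len(s.users) / s.attempts >= STUFFING_USER_RATIO:
        return "credential_stuffing"
    if len(s.users) == 1 and s.failures >= MIN_ATTEMPTS:
        return "brute_force"
    return "benign"


def classify_log(text):
    """Map each source address in the log to a verdict."""
    return {src: classify_source(s) for src, s in stats_by_source(parse_log(text)).items()}


def ato_candidates(text):
    """Accounts that logged in successfully from a source classified as stuffing.
    These are the accounts whose reused password was probably in the leaked list."""
    events = parse_log(text)
    verdicts = classify_log(text)
    return sorted({ev["user"] for ev in events
                   if ev["result"] == "ok"
                   and verdicts.get(ev["src"]) == "credential_stuffing"})


if __name__ == "__main__":
    for src, verdict in classify_log(SAMPLE_LOG).items():
        print(f"{src:15} {verdict}")
    print("ATO candidates:", ato_candidates(SAMPLE_LOG))
```

The per-source view is the simplest signal, but the article notes that stuffing is run through botnets, which spread attempts across many addresses so that no single source crosses the threshold. For that case the same statistics should be computed over the whole window (the share of failed logins whose username appears exactly once, or per-ASN rather than per-IP), and the ATO candidate list is the set of accounts on which to force a password reset and MFA enrolment.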

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.

More from Rudra.

6 Fundamental Skills Required to Pursue a Career in Digital Forensics (CISO MAG, September 21, 2021, 5:32 am)

The post 6 Fundamental Skills Required to Pursue a Career in Digital Forensics appeared first on CISO MAG | Cyber Security Magazine.

If you are interested in pursuing a digital forensics career, the time is ripe. Digital forensics is a lucrative career path to pursue in 2021 and beyond. The rise in cybercriminal activity underscores the importance of digital forensics specialists in tracing the perpetrators and presenting their findings during criminal proceedings in court. Attackers use various digital devices to perform or execute malicious activities, resulting in digital crimes. Cracking such cases requires a digital forensic investigation.

This article explains the skills required to be a certified computer forensics examiner. Before we highlight the skill set aspirants need to gain, let’s learn briefly about the roles and responsibilities of a certified computer forensics examiner, also known as a digital forensic investigator.

Who is a Computer Forensics Investigator?

A computer forensics investigator needs sound knowledge of data, forensic and legal principles, and procedures. People who acquire the skills in this field can apply for roles such as computer forensics technician, computer forensics investigator, and cyber forensics expert.

They are skilled professionals who work with law enforcement to gather and preserve information or evidence from different data sources. After that, the investigator examines the system, computer files, etc., to identify the changes, how they were changed, and track the perpetrator.

Do you have a passion for analyzing and investigating digital crimes, and feel this career is right for you? The demand for computer or digital forensics experts will only increase in the future, with the rising complexity of cyberattacks. The field is also rife with opportunities and offers a diverse range of job roles.

The following section covers the basic yet fundamental skills required to kick-start your career in the domain.

Top 6 Skills Required for a Digital Forensics Career

Keeping one’s skillset up to date is essential for anyone pursuing a career in digital forensics, as it is how one learns the workflow and techniques of digital forensic experts. Next, we discuss six fundamental and crucial computer forensics skills.

1. Technical and Analytical Skills

An individual must be well versed in technical as well as analytical skills. To analyze cybercrime and data based on facts, one must stay up to date with the latest technologies and operating systems. Analytical skills, in addition, enhance the ability to judge, analyze, and summarize facts and data against the given criteria or situation. This is essential for evaluating the nature of a digital crime, reconstructing the scenario, and weighing the possible causes and outcomes of the crime.

2. Familiarity with Networking Concepts

One must have an in-depth understanding of networking concepts. While gathering digital evidence, an investigator must know how networking works in order to understand the numerous ways data is transmitted. Digital forensic investigation is not limited to digital devices; it also includes examining the network to identify whether the root cause of an attack lay in network traffic, server access, or the LAN, WAN, or MAN connection. As a professional, one should understand how to obtain the data held on network servers while gathering evidence. To understand data transmission over networks, one needs to understand the core concepts of networking.

3. Strong Communication Skills

Communication is vital, especially for conveying technical terminology and procedures to a non-technical audience. This often means explaining the investigation procedure to the judge in court. Digital forensic investigators are required to explain complicated technical terms and practices to the judge in simple language while ensuring that the exact issue and technique are conveyed without alteration.

4. Command Over Cybersecurity Concepts

In digital forensics, many terms, procedures, and policies relate to cybersecurity. One must be familiar with the basic concepts of cybersecurity: the meaning and handling of threats, understanding data breaches, thorough knowledge of vulnerabilities, various programming languages, and so on. Extensive knowledge helps one understand the methods an attacker would use, which eases the investigation process. With deep-rooted cybersecurity knowledge, one can identify or infer the type of attack performed, which helps the investigation.

5. Attention to Detail

As an investigator, it is crucial to pay attention to every minute detail. An investigator often needs to think from the attacker’s point of view to understand, speculate on, and analyze the attack performed. The nature of the attack, the crime scene, and the attacker’s probable motive must all be analyzed with an investigator’s mindset to decide which aspects and evidence are relevant to the case and which are insignificant. This aids the investigation process and the understanding of the nature of the digital crime.

6. Aspiration to Learn

Technology evolves continuously. Discoveries and developments in existing technology will always be made, and attackers will improve their attack methods accordingly. An individual must therefore be willing to learn new things and new technologies and to keep evolving their skills. Professionals in this field must stay up to date with the latest technologies and attacks in order to understand and resolve issues with expertise built on experience and knowledge gained over the years.

While aspirants must acquire the crucial computer forensics skills to become digital forensics experts, they also must be trained formally to develop these skills. Having an analytical frame of mind and critical thinking abilities can come naturally; building a digital forensics skillset requires formal training in a computer forensics course.

How to Build Digital Forensics Skills

Skills are an essential part of building a solid foundation in digital forensics. However, to carve a successful digital forensics career, one must start with an accredited computer forensics course or equivalent, which helps them acquire the required skills and aptitude.

One such credible program is EC-Council’s Certified Hacking Forensics Investigator (C|HFI), which imparts participants with the required skills and knowledge, and helps them build a solid foundation in the digital forensics domain.

This program provides extensive content of the various methods and tools used to conduct an investigation thoroughly. Computer Forensics training is essential for gaining the skills and knowledge to test your abilities in real-world scenarios.

On completion of the course, one can pursue different job roles in the digital forensics domain such as computer forensics investigator, information security analyst, forensics computer analyst, computer forensics technician, security consultant, and information systems security analyst. Individuals who have completed their computer forensic course can expect an average salary of $64,900 per year, as per PayScale. The certification course adds excellent value to your job profile, making it the only and most preferred certification course to step into the digital forensics domain.

Are you ready to crack the toughest challenges in real-world cybercrime scenarios? Join the C|HFI course and be job-ready.

20+ Job Roles | 4,000+ Job Openings | Avg. Salary of $96,000

Start your C|HFI Certification and Explore New Career Opportunities in the World of Digital Forensics.

FAQs

1. What are the common situations that require digital forensics assistance?

The most common scenarios which require digital forensics investigations to resolve the issue are as follows:

Fraudulent activity via computer
Data theft
Intentional/accidental disclosure of company data
Employee abuse or employee harassment via the Internet
Industrial Espionage
Criminal activity involving digital devices
Damage and recovery assessment post cyber incidents such as hacking, ransomware or malware, etc.

2. What are the different phases of digital forensics investigation?

Five phases that sum up the digital forensic investigation process are as follows:

Identification
Preservation
Analysis
Documentation
Presentation

3. What are the rules of evidence?

Evidence is a critical part of a digital forensic investigation. To be admissible in court as legitimate evidence, the material presented must satisfy five rules of digital evidence. The five rules are as follows:

Admissibility
Authenticity
Reliability
Sufficiency (should be complete)
Credibility


The post 6 Fundamental Skills Required to Pursue a Career in Digital Forensics appeared first on CISO MAG | Cyber Security Magazine.

If you are interested in pursuing a digital forensics career, the time is ripe. Digital forensics is a lucrative career path to pursue in 2021 and beyond. The rise in cybercriminal activities stresses digital forensics specialists’ importance in tracing the perpetrators and presenting their findings during criminal proceedings in court. Attackers use various digital devices to perform or execute malicious activities, resulting in digital crimes. The scenario requires the assistance of digital forensic investigation to crack the case.

This article explains the skills required to be a certified computer forensics examiner. Before we highlight the skill set aspirants need to gain, let’s learn briefly about the roles and responsibilities of a certified computer forensics examiner, also known as a digital forensic investigator.

Who is a Computer Forensics Investigator?

A computer forensics investigator needs to have sound knowledge of data, forensic and legal principles, and procedures. People who acquire the skills in this field can apply for different roles such as computer forensics technicians, computer forensics investigators, Cyber forensics experts etc.

They are skilled professionals who work with law enforcement to gather and preserve information or evidence from different data sources. After that, the investigator examines the system, computer files, etc., to identify the changes, how they were changed, and track the perpetrator.

Do you have a passion for analyzing and investigating digital crimes and feel this career is right for you? The demand for a computer or digital forensics experts will only increase in the future, with the rising complexities of cyberattacks. Also, this field is rife with opportunities and offers a diverse range of job opportunities.

The following section talks about the basic, yet fundamental skills required to kick start your career in the domain.

Top 6 Skills Required for a Digital Forensics Career

Updating one’s skillset accordingly to pursue a career in digital forensics is essential to understand the flow and techniques of digital forensic experts. Next, we discuss six fundamental and crucial computer forensics skills.

1. Technical and Analytical Skills

An individual must be well versed in technical skills as well as analytical skills. To analyze cybercrime and data based on facts, one must be updated with the latest technologies and operating systems. In addition, analytical skills enhance the ability to judge, analyze and summarize facts and data based on the given criteria or situation, which is essential to evaluate the nature of digital crime and reconstruct the scenario and speculate various reasons and outcomes of the crime.

2. Familiarity with Networking Concepts

One must have an in-depth understanding of networking concepts. While gathering digital evidence, an investigator must know how networking works to understand the numerous ways the data is transmitted. Digital forensic investigation is not limited to just digital devices. They include examining the network to identify if the root cause of an attack was due to network traffic, access of servers, the LAN, WAN, or MAN connection, etc. Being a professional one should understand how to obtain the data present in the network servers while gathering evidence. To successfully understand data transmission via networks, one needs to understand the core concepts of networking.

3. Strong Communication Skills

Communication is vital, especially to convey technical terminologies and procedures to a non-technical individual. It is often related to explaining the investigation procedure to the judge in a court. Digital forensic investigators are required to explain complicated technical terms and practices to the judge in simple terms while simultaneously keeping in mind that the exact issue and technique are conveyed without any alterations.

4. Command Over Cybersecurity Concepts

In digital forensics, there are various terms, procedures, and policies which are related to cybersecurity. One must be familiar with all the basic concepts of cybersecurity like meaning and handling of threats, understanding data breaches, complete knowledge about vulnerabilities, various programming languages, etc. An extensive knowledge helps one understand the methods an attacker would implement, which eases the investigation process. With deep-rooted cybersecurity knowledge, one can identify or guess the type of attack performed, which helps the investigation.

5. Attention to Detail

As an investigator, it is crucial to pay attention to all the minute details. An investigator often needs to think from the attacker’s point of view to understand, speculate and analyze the attack performed. Digital forensic investigators need to pay attention to the minute details considering the nature of the attack, the crime scene, and the tentative motive of the attacker. This must be analyzed with an investigator mindset to decide what aspects/evidence are relevant to the case and what is insignificant. This helps in the investigation process and in understanding the nature of the digital crime.

6. Aspiration to Learn

Technology is continuously evolving. Discoveries and developments to existing technology will always be made, and attackers will improve their attack methods accordingly. An individual must therefore be willing to learn new things and new technologies, and to keep their skills current. Professionals in this field must stay updated with the latest technologies and attacks to understand issues, obtain solutions, and resolve them with expertise based on the experience and knowledge gained over the years.

While aspirants must acquire the crucial computer forensics skills to become digital forensics experts, they also must be trained formally to develop these skills. Having an analytical frame of mind and critical thinking abilities can come naturally; building a digital forensics skillset requires formal training in a computer forensics course.

How to Build Digital Forensics Skills

Skills are an essential part of building a solid foundation in digital forensics. However, to carve a successful digital forensics career, one must start with an accredited computer forensics course or equivalent, which helps them acquire the required skills and aptitude.

One such credible program is EC-Council’s Certified Hacking Forensics Investigator (C|HFI), which imparts participants with the required skills and knowledge, and helps them build a solid foundation in the digital forensics domain.

This program provides extensive content of the various methods and tools used to conduct an investigation thoroughly. Computer Forensics training is essential for gaining the skills and knowledge to test your abilities in real-world scenarios.

On completion of the course, one can pursue different job roles in the digital forensics domain such as computer forensics investigator, information security analyst, forensics computer analyst, computer forensics technician, security consultant, and information systems security analyst. Individuals who have completed their computer forensic course can expect an average salary of $64,900 per year, as per PayScale. The certification course adds excellent value to your job profile, making it the only and most preferred certification course to step into the digital forensics domain.

Are you ready to crack the toughest challenges in real-world cybercrime scenarios? Join the C|HFI course and be job-ready.

20+ Job Roles | 4,000+ Job Openings | Avg. Salary of $96,000

Start your C|HFI Certification and Explore New Career Opportunities in the World of Digital Forensics.


FAQs

1. What are the common situations that require digital forensics assistance?

The most common scenarios which require digital forensics investigations to resolve the issue are as follows:

Fraudulent activity via computer
Data theft
Intentional/accidental disclosure of company data
Employee abuse or employee harassment via the Internet
Industrial Espionage
Criminal activity involving digital devices
Damage and recovery assessment post cyber incidents such as hacking, ransomware or malware, etc.

2. What are the different phases of digital forensics investigation?

Five phases that sum up the digital forensic investigation process are as follows:

Identification
Preservation
Analysis
Documentation
Presentation

3. What are the rules of evidence?

Evidence is a critical part of a digital forensic investigation. To be admissible in court as legitimate evidence, the presented material must satisfy five rules of digital evidence to be considered valid. The five rules are as follows:

Admissibility
Authenticity
Reliability
Sufficiency (should be complete)
Credibility


Immutable Backups are Key to Becoming Resilient Against Ransomware: Veeam (CISO MAG, September 20, 2021, 4:00 pm)


Ransomware groups now prioritize seeking and encrypting data in backups to make the recovery process difficult unless the ransom is paid. That’s why it’s important to realize that backups are a good start for ransomware protection. A framework proposed by Veeam might just help. The framework is described in Veeam’s recently published whitepaper titled “5 Ransomware Protection Best Practices”. This is based on the NIST cybersecurity framework (NIST CSF), which organizations widely adopt. The framework advocates the 3-2-1-1-0 Rule for immutable backups.

According to Veeam, this whitepaper is a definitive guide that educates the market about the established Cybersecurity Framework of 5 key functions that can be used to increase an organization’s resiliency to ransomware:

Identify
Protect
Detect
Respond
Recover

Veeam believes these five functions are a proven way to ensure reliability for critical IT infrastructure. The paper outlines how advanced data protection techniques are organized within this framework and provides more options than ever to ensure data recoverability. It also highlights Veeam capabilities in each function of the framework.

Veeam said the Cybersecurity Framework is the way to integrate a cybersecurity practice into the daily tasks of each of the IT disciplines, and it should be widely adopted in the organization. In other words, everyone is on the cybersecurity team.

CISO MAG discussed the paper with Rick Vanover, Senior Director of Product Strategy for Veeam.

“This is actually the same cybersecurity framework that a lot of government organizations use. And I have a mindset that everyone in an enterprise, from end users to administrators, has a role in cybersecurity. I would recommend all of the disciplines, all of the practices within an IT organization — I recommend all of them to use this type of framework. Because this is a really simple model that is very effective to deal with the threat. And the ‘how’ is by simply aligning what everyone does, from end-users, administrators, PC support people, the server administrators, and application owners. If everyone’s consistent with this framework, there’s a very good level of preparation to deal with the incident,” said Vanover.

Some of the questions addressed by this Veeam paper are:

What immutability options are out there on the market?
What is an air gap?
How can ransomware be detected?
What is the state of ransomware response plans?
How does data become identified?
What is the difference between the 3-2-1 and the new 3-2-1-1-0 rule?

Vanover summarized the three big takeaways of this whitepaper as:

The world needs immutable copies of data more than ever.
The world needs mechanisms to detect and monitor ransomware more than ever.
Organizations need to prepare the response right now.

“I see a lot of organizations not execute the response to an incident as being one of the problems. For example, they can spend a day trying to decide what to do. They can spend a day trying to get approval on, hey, do we actually call this a disaster?” said Vanover. “If we don’t have immutable copies of data, I can’t ensure recovery. If we don’t have good monitoring and alerting, that’s going to slow down our response. If we don’t have good response mechanisms, then those are the scenarios when we end up on the news.”

Vanover said there are a lot of immutable options in the market, from storage providers to cloud providers, and even hardware systems. He is confident that even yesteryear’s tape media is “a very resilient specimen” for immutability, especially when the tape is removed from the library.

“The very good news is that there are a lot of options right now, if it’s the public cloud, if it’s object storage systems, on-premises, even Linux immutable file systems,” added Vanover.

The 3-2-1-1-0 Rule for Immutable Backups

For many years, Veeam has advocated for using the 3-2-1 Rule as a general data management strategy. Digital photographer Peter Crowe created the 3-2-1 Rule for storage media. The Rule recommends that there should be at least three copies of important data, on at least two different types of media, with at least one of these copies being off-site. The 3-2-1 Rule is hardware agnostic and is versatile enough to address nearly any failure scenario.

However, as the threat of ransomware has advanced, Veeam has now emphasized that the “one” copy of data be ultra-resilient (i.e., air-gapped, offline or immutable). This recommendation is imperative to becoming resilient against ransomware and to create immutable backups.

This is reflected in the 3-2-1-1-0 Rule, which adds the ultra-resilient copy requirement for immutable backups. The 3-2-1 Rule has thus been extended to recommend that one copy of your data be immutable, offline, or air-gapped, and that there be zero backup errors, as confirmed by Veeam’s SureBackup(R) automated recovery verification.

“The 1-0 is the new twist Veeam added, and it addresses additional threats with data, namely ransomware. The additional advice is to have one of these copies be immutable, offline or air gapped. And then the zero is to have automated recovery verification. So, knowing that your backups are recoverable, that’s an additional important check to have,” said Vanover.
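The rule described above, encoded as a check over a backup inventory. This is an added example, not Veeam's code or tooling: the BackupCopy record shape, its field names and the two constructed inventories are assumptions made here so the difference between 3-2-1 and 3-2-1-1-0 compliance can be seen on concrete input.

```python
# Added example (not Veeam code): evaluate a backup inventory against the
# 3-2-1 rule and the extended 3-2-1-1-0 rule. BackupCopy is an assumed shape
# for a backup catalogue entry, constructed for this illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str              # "disk", "object-storage", "tape", ...
    offsite: bool           # stored away from the primary site
    ultra_resilient: bool   # immutable (object lock / WORM), offline or air-gapped
    verify_errors: Optional[int]  # errors in last automated restore test; None = never tested


def check_3_2_1(copies):
    """Classic rule: 3 copies, 2 media types, 1 off-site copy."""
    return {
        "3_copies": len(copies) >= 3,
        "2_media_types": len({c.media for c in copies}) >= 2,
        "1_offsite": any(c.offsite for c in copies),
    }


def check_3_2_1_1_0(copies):
    """Extended rule: the classic checks plus one ultra-resilient copy and zero
    verification errors. A never-tested copy fails the zero check, because an
    untested backup is not known to be recoverable."""
    checks = check_3_2_1(copies)
    checks["1_ultra_resilient"] = any(c.ultra_resilient for c in copies)
    checks["0_verify_errors"] = all(c.verify_errors == 0 for c in copies)
    return checks


def gaps(checks):
    """Names of the requirements that are not met, sorted for stable output."""
    return sorted(k for k, ok in checks.items() if not ok)


# Constructed inventory: satisfies 3-2-1, but the off-site replica is a
# mutable disk target that ransomware with backup-server access could also
# encrypt, and the tape set has never been test-restored.
CLASSIC_ONLY = [
    BackupCopy("primary-repo", "disk", False, False, 0),
    BackupCopy("dr-site-replica", "disk", True, False, 0),
    BackupCopy("weekly-tape", "tape", False, False, None),
]

# Same footprint, hardened: off-site copy on locked object storage, the
# ejected tape counted as air-gapped, and every copy passing its restore test.
HARDENED = [
    BackupCopy("primary-repo", "disk", False, False, 0),
    BackupCopy("cloud-locked", "object-storage", True, True, 0),
    BackupCopy("weekly-tape", "tape", False, True, 0),
]

if __name__ == "__main__":
    for label, inv in (("classic-only", CLASSIC_ONLY), ("hardened", HARDENED)):
        print(label, gaps(check_3_2_1(inv)), gaps(check_3_2_1_1_0(inv)))
```

The first inventory passes the classic rule with no gaps yet fails both of the new requirements, which is exactly the situation the extended rule was meant to expose.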

Veeam Software is a privately held US-based information technology company owned by Insight Partners that develops backup, disaster recovery and modern data protection software for virtual, physical, and multi-cloud infrastructures.

The paper can be accessed here.

