Connect with us

Expert Speak

The Convergence of the Threat Landscape is Here



As organizations continue to embrace digital transformation, the phenomenon of convergence is taking place in several different ways. For example, more and more use cases are being developed where previously distinct and separate technologies—such as IT and OT—are being integrated.

This presents a double-edged sword for organizations everywhere. Businesses are undoubtedly reaping the benefits of digital transformation—finding business efficiencies, saving costs, and successfully enabling their employees to Work From Anywhere (WFA). But these rapid changes are opening the floodgates for cybercriminals who now have more attack surfaces than ever at their disposal for carrying out malicious activities.

It’s not surprising that bad actors are catching on and upping the ante accordingly. We’re increasingly seeing cybercriminals targeting the expanding digital attack surface by executing more complex and destructive attacks, resulting in more widespread impact.

Meanwhile, the threat landscape is also converging. Recent attack trends are showing the evolution of cybercriminals’ “borrowing” and converging models traditionally seen only among Advanced Persistent Threat (APT) groups. Here’s a closer look at what our FortiGuard Labs team is observing, along with what it means when it comes to managing your organization’s ever-changing risk.

The Convergence of Advanced Persistent Threats and Cybercrime
While a traditional attacker might use straightforward methods of infiltrating a network, such as deploying a Trojan or relatively simple malware, APT attackers use more advanced techniques. For example, an APT attacker might use elaborate espionage tactics over a longer period and involve multiple actors at an organization to meet a specific goal, such as getting behind that company’s firewalls.

The reality is that a business of any size can be a target, but high-profile APT attacks have historically targeted prominent businesses, public figures, or governments. Yet APT-style attacks—meaning more converged attack types—are on the rise, and what’s concerning is that traditional cybercrime groups are now carrying them out.

Wiper malware is a prime example of the convergence between APT-style activity and general cybercrime. Wipers are a tactic we typically observe being used by nation-state actors, while non-APT cybercrime groups usually distribute malware such as ransomware.

Wiper malware isn’t new—the first instance surfaced in 2012—yet we’re seeing a growing trend of cybercriminals using these more destructive and sophisticated attack techniques and doing so in OT environments. In the first six months of 2022, we observed at least eight significant new wiper variants—WhisperGate, HermeticWiper, AcidRain, IsaacWiper, DesertBlade, CaddyWiper, DoubleZero, and Industroyer.V2—used by attackers in various targeted campaigns against government, military, and private organizations. This number is important because it’s nearly as many total wiper variants as having been publicly detected in the past 10 years. While we saw a substantial increase in the use of this attack vector in conjunction with the war in Ukraine, the use of disk-wiping malware was also detected in 24 additional countries.

Emerging Trends: Targeted Playbooks, More Destruction, Stealthier Tactics
In addition to the convergence of the types of threats attackers rely on to achieve their new, more destructive goals, we’re also seeing general cybercrime attack playbooks become more targeted. This is a shift among general cybercrime, as targeted playbooks are typically a hallmark of APT groups.

This trend is especially evident when we look at ransomware activity. In fact, according to a recent survey, 85% of organizations are more worried about a ransomware attack than any other cyber threat.

And attackers are becoming stealthier as they seek to fly under an organization’s radar. In the past six months, we’ve observed defense evasion as the top tactic employed by malware developers. Hiding malicious intentions is one of the essential skills for malware developers to master, so it makes sense that they’d try to achieve this by hiding commands to evade a business’s defenses.

What This Means for Security Professionals
As advanced persistent threats begin to converge with general cybercrime, cybercriminals are increasingly focused on trying to evade security, detection, intelligence, and controls. They’re spending more time on reconnaissance and are finding ways to weaponize new technologies.

Like all security challenges, there’s no single solution or a quick fix to protecting your organization against this type of activity. Yet one of the best protective measures you can take is proactively creating behavioral-based detections based on updated, real-time threat intelligence. Organizations will be better positioned to secure against the broad toolkits of adversaries armed with this actionable intelligence. Integrated, AI and ML-driven cybersecurity platforms with advanced detection and response capabilities powered by actionable threat intelligence are important to protect across all edges of hybrid networks.

To protect against more destructive ransomware, organizations, regardless of industry or size, need a proactive approach that can evolve as ransomware evolves. Real-time visibility, protection, and remediation coupled with advanced endpoint detection and response (EDR) are critical. An inline sandbox on a firewall can hold suspicious files for malware analysis until it is safe to be let onto the network.

In addition, services such as a digital risk protection service (DRPS) can be used to do external threat surface assessments, find and remediate security issues, and help gain contextual insights on current and imminent threats. Regardless of “in-the-office” or “work-from-anywhere” zero-trust network access (ZTNA) is critical for securing access to applications regardless of where work or learning is taking place.

Managing a constantly evolving array of threats, tactics, and techniques, often feels like treading water in the open ocean. You can’t touch the bottom, and you’re not sure when the next boat will pass by. But the more we become aware of our surroundings and take steps to protect our organization from them, the better prepared we’ll be when the next storm inevitably starts to brew.

Expert Speak

Don’t Brush It Off – Plan Your Incident Response Now



In business, impermanence is the only certainty. An example is how organizations addressed the COVID-19 pandemic. Within a few weeks, many developed a plan to run their businesses remotely.

More than three-quarters of organizations worldwide don’t have an IT incident response plan in place because most believe they have little risk of becoming a cyberattack statistic. Unfortunately, that’s still likely to happen.

According to africanews, in the past year, Kenya has experienced a concerning rise in cyberattacks, with a remarkable 860 million incidents documented in 2022.

As wisely expressed by Benjamin Franklin, “By failing to prepare, you’re preparing to fail.” Let’s explore a strategic incident response plan for your organization.

Create a Backup
Business networks are complex and large, and oftentimes, a network outage results in financial and reputational repercussions, including disgruntled clients. It’s imperative to create a backup of critical data and systems that you can’t run your business without, and store it in a safe location. When the inevitable breach occurs, your business will be able to recover as quickly as possible.

Never Say Never
While a workforce continuity plan might seem unimportant and nonurgent, the pandemic prompted IT departments worldwide to quickly realize the importance of being able to rapidly change the way their organizations conducted business.

Here are a few steps to help you draft a business continuity plan to address the next disruption:

  • Form a team with representatives from each department and understand their workflow.
  • Identify critical business functions and find a way to prioritize them.
  • Assess the risks for every process in your organization and record them.
  • Develop a risk mitigation strategy to protect your critical business functions from those risks.
  • Document the entire procedure and keep it up to date.

Train Your Employees
A common hurdle with an incident response plan is ensuring that employees take the plan seriously. To deter the mindset that the plan is “less urgent,” educate employees about its importance and the repercussions that can result from cyber threats and cyber incidents. It’s vital to conduct regular training sessions to address hardware failures, software glitches, network outages, and security breaches so that you efficiently mitigate a cybersecurity incident.

What Doesn’t Kill You Makes You Stronger
Understand the points of failure in your previous incidents and find a way to rectify them. Single points of failure should be addressed by establishing a backup, not just in terms of network and systems but also in terms of staff allocation. Relying on a single person, especially when it comes to a critical network, is not a great idea. Delegate a second person to reach out and provide assistance in case of an incident.

While incident response might seem insignificant in the larger scheme of things, when a disaster hits, it could potentially devastate your business. Take some time to prioritize incident management and make it part of your organization’s culture by creating a backup, training your employees, drafting a workplace continuity plan, and learning from your past incidents. Learn more about IT incident management for your business.

Continue Reading

Cyber Security

Cybersecurity on a Budget: Affordable Cybersecurity Strategies for Small Businesses



According to a survey by Statista, typically, global enterprises dedicate a minimum of 12% of their IT expenditure to information security measures. While larger companies can afford to spend a lot on building a robust cybersecurity strategy, smaller businesses cannot. So, let’s explore some affordable cybersecurity strategies for small businesses that may cost less but have a greater impact.

Train your employees
An article from Forbes found that, annually, 34% of businesses worldwide encounter incidents involving insider attacks. Whether intentional or unintentional, employees tend to be the reason for most data breaches. Per the same article, phishing emails account for 67% of accidental insider attacks.

Phishing attacks mostly instil a sense of urgency in the victim, making it harder for them to think clearly before making a decision. For example, employees may click an email announcement about a bonus that actually came from a malicious outsider impersonating your company’s CEO.

To avoid such mistakes, it’s imperative to train employees on the types of phishing attacks and the ways to identify them. Even going as far as sending a mock phishing email occasionally to test their instincts and educate them can go a long way.

Assess your vulnerabilities
One of the most important cybersecurity strategies is to assess all your risk points by periodically reviewing all your business processes. Pay more attention to teams that deal with a lot of customer data. For instance, sales and marketing teams may handle customer data on a day-to-day basis, so they are at high risk of leaking or mishandling data. Assess their daily activities, create a record of all the risk points, and find ways to mitigate them.

Encrypt your data
Encrypting your data can be an effective method to protect it in case of data leaks. Let’s say a hacker gets hold of your company’s data, but it’s encrypted. Unless the hacker gets the encryption key from you, they cannot access your company’s data. This adds another layer of protection in addition to the everyday cybersecurity best practices that you should be following in your company. So make it a point to encrypt all your data, especially sensitive and critical data.

Limit access to critical data
Not everyone requires access to all data. Try to limit access to critical and sensitive data to fewer employees by basing access on work duties or requiring approval for access, making it a multi-step process to access it. Additionally, periodically review who has access to what data to ensure there aren’t any misallocations of access.

Secure your Wi-Fi
A secure network will reduce the chances of a hack or unauthorized access to your sensitive data. So switch your Wi-Fi to WPA2 or later, as it offers more security. Your business might already be using it, but it’s best to be sure. Additionally, change the name of your SSID and have a strong pre-shared key to keep your Wi-Fi safe from hackers.

Prevent physical theft
Through April 2023, there were 3,785 robberies in London, and 1,765 were of mobile phones. This highlights how important it is to secure your physical assets, as they might contain critical and sensitive information about your organization.

Here are some ways to protect your physical assets, such as PCs, laptops, scanners, and printers:

  1. Restrict unauthorized access to assets.
  2. Install a physical tracker on all devices to track down lost items.
  3. Enable remote wiping of data to erase information if a device is lost.

Cybersecurity strategies are seldom drafted with affordability in mind. However, it is crucial to consider them from a financial perspective, as small businesses are also increasingly susceptible to cyberattacks. These tips can help you take the first step toward creating a secure IT environment. Learn more about cybersecurity solutions for your business.

Continue Reading

Cyber Security

Managed Security Service: Right Choice for Your Company?



Written by Lev Matveev, SearchInform Founder and Chairman of the Board of Directors

75% of information security experts consider insider threats more dangerous than hacker attacks. This is proven by the SearchInform survey conducted annually. Insider threats include data loss, fraud, theft, kickbacks, business on the side, etc. These are serious risks for any business, resulting in major financial losses, reputational damage and fines from law enforcement agencies. Nevertheless, many companies still do not ensure reliable protection against insider threats.

The reasons are the following:

  • Hardware and software for data protection are costly
  • The market lacks data security experts
  • SMEs cannot compete with large enterprises to engage professionals.

According to our 2022 survey, one-third of companies recognize an acute shortage of information security experts and cannot ensure protection in-house. Therefore, in 2019 we decided to launch a managed security service based on our protection solutions, which gives the opportunity to use them without hiring security specialists.

The SearchInform service provides protection against data breaches, internal fraud, document forgery and other violations by employees. It solves the tasks of monitoring employee working hours, compliance with legal and regulatory requirements, and many more.

We take on all tasks that are usually handled by in-house security staff. Our experts install and maintain security software, customize security policies for effective control, constantly monitor the situation in the company, detect incidents and investigate them. The client receives detailed and visual reports, as well as emergency alerts if it is required to take urgent measures and prevent an incident.

Availing the service, the client does not need to hire a security expert and therefore does not need to spend on social benefits, vacations or sick leaves. The client’s business remains protected if a security employee resigns or takes an unpaid leave. At the same time, our analyst has diverse work experience, knows the solutions well and has all the necessary competencies to work with them.  Since we are unacquainted with the client’s employees, our expert will be impartial and will not take anyone’s side. All this allows the clients to save time and money.

When do companies really need MSS?
According to our observations, the service is the best choice for companies with 30-500 employees and without an in-house IS department.  When the staff number increases, top managers can no longer control everything and face a high risk of incidents.

Here are a few common situations when you should choose managed security service.

  1. A company does not have internal security officers or lacks the budget to form a security department. Our service was originated to make data security more affordable. It significantly reduces the company’s costs, as there is no need to purchase software licenses, hardware, or hire a full-time information security officer. 
  2. Full-scale protection is required immediately. Companies often turn to managed security services after an incident has already occurred. It becomes clear that to prevent this in future, it is necessary to implement special security software, purchase additional equipment, and hire a data security officer. These steps will take a lot of time. The service will start protecting your business within 1-2 days.
  3. A company is not sure that the purchase of security systems will pay off eventually. Our service is an opportunity to test them in real conditions and assess whether they are worth purchasing in each specific case. One first month of the service is free.
  4. A company wants to conduct a security audit and get a complete picture of the corporate security. The service allows you to quickly find out what data is stored, where exactly it is stored and whether there are access rights violations. As far as the first month, our expert detects cases of corporate fraud, document forgery and other violations, as well as cases of idleness, business on the side or work for competitors. 
  5. For compliance with regulatory requirements. More and more regulations are being adopted or waiting to be adopted. SAMA, GDPR, and DCC incentivize companies to take measures to ensure data security. Some regulations, such as the UAE Information Security Regulation issued by the United Arab Emirates Telecommunications and Digital Technology Authority, even stipulate the use of DLP as a means of preventing data loss. To avoid the risk of hefty fines or lawsuits for non-compliance, you can use our managed security service.

I believe that outsourced data security should soon become as widespread as outsourced accounting or IT services. It is just a matter of time.

SearchInform offers a free trial version for one month! 

During this month, clients can assess whether the service really meets their needs. According to our experience, 100% of companies discover some kind of problems during the trial, ranging from the idleness of their employees to corporate fraud and confidential data leakage. 70% of companies that request a free trial continue to work with us.

Request a free trial of the service for one month!

Contact us for more information:
Office Address: 10C-15, I-Rise Tower, Hessa Street, Barsha Heights, Dubai, UAE.

– Sponsored Content

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.