


Ascent InfoSec

Ascent InfoSec provides professional cybersecurity consulting and managed security services to mid-size & large-size companies and public sector & educational organizations.

Web Application Firewall – An introduction. Office365 Advanced Threat Protection. Microsoft Office 365 is a major and the most widely used email platform for small businesses, large enterprises and government alike.

Office365 Advanced Threat Protection

By most metrics, 83-87% of cyber threats involve an email as a primary delivery method. It is obvious that your cybersecurity initiatives should include email protection along with the traditional protection of your machine and the network. So, we have taken up this series of blogs to discuss the security features that Microsoft has made available. With people working from home, email security has become even more important. Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that secures your organization against unknown malware, viruses, and phishing attacks by providing robust zero-day protection, and incorporates features to protect your organization from malicious links and malicious attachments in real time.

Educational Institutes are increasingly becoming the targets of cybercrimes. As Public Sector IT leadership takes a stand against paying ransom, the attacks have changed to stealing money instead of holding data hostage.

Educational Institutes are increasingly becoming the targets of cybercrimes

Even though backup is essential and of great value against cybercrimes, it cannot be the primary (or only) protection against cybercrimes. It is one of the tools in the arsenal to manage the impact of malware (especially ransomware). Hackers have stolen $800,000 from Cape Cod Community College via a phishing attack and malware. The phishing email was disguised as coming from another college.

The attachment had a polymorphic virus attached. In recent months, there have been multiple attacks on Community Colleges, Medium-sized Universities, Educational organizations, and K-12 School Districts, in addition to crimes on local governments. The above map shows incidents reported since 2016. The advisory also insists on carrying out security audits to identify weaknesses and asks to update/patch vulnerable systems.

MSPs continue to suffer Ransomware attacks. The trend of attacking Managed IT Service Providers is continuing.

MSPs continue to suffer Ransomware attacks

An MSP paid hackers about $150,000 to unlock data; hackers specifically targeting MSP software platforms to launch ransomware attacks; Ryuk ransomware hitting a Cloud Service Provider that works closely with MSPs. Hackers have been hitting MSPs of all sizes, not just global technology service providers. The FBI and U.S. US Mayors Vow to Reject Ransomware Payment Demands. The U.S.

US Mayors Vow to Reject Ransomware Payment Demands

Conference of Mayors has unanimously resolved not to give in to any ransom demands from the hackers. This is coming after a series of cyber shakedowns that have extorted millions from city governments. Considering that the number of ransomware attacks targeting cities and municipalities has grown both in frequency and intensity, the resolution, while not legally binding, establishes an official position that U.S. mayors aren’t going to take it anymore. Microsoft to roll out free software to guard the U.S. voting machines. Microsoft announced that it would give away software designed to improve the security of US voting machines, even as it said it had tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle.

Microsoft to roll out free software to guard the U.S. voting machines

The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.” Cybercriminals hit MSP software to launch Ransomware. Hackers have leveraged Managed IT Services Provider (MSP) software to spread ransomware to their customers’ systems.

Cybercriminals hit MSP software to launch Ransomware

The attackers have hacked and gained access into an MSP-centric cybersecurity console from Webroot, while also exploiting Remote Monitoring and Management (RMM) software from Kaseya. Both software makers have said that the issues involve compromised credentials and not any software vulnerabilities in their products. Webroot has made two-factor authentication mandatory as an extra precaution. About 200 hosts were encrypted, and this is a very small fraction of the MSPs using this widely used software. Department of Homeland Security: Some IT Consultants weaken Office 365 Security. The DHS has issued a memo essentially stating that some IT consulting firms and Managed IT service providers (MSPs) involved in Office 365 migrations are not properly securing the cloud productivity suite for customers.

Department of Homeland Security: Some IT Consultants weaken Office 365 Security

The statement, from the US-CERT arm of the DHS, represents both a challenge and an opportunity for MSPs and MSSPs. On the one hand, such statements can give the overall IT consulting and IT services market a black eye. McAfee Advanced Threat Defense enhancing protection and investigation - Ascent InfoSec. Threat Intelligence: Top 10 Threats detected by McAfee - Ascent InfoSec. Banking Botnets: Cybercriminals adapting and sophisticated - Ascent InfoSec. Since publishing information about top banking botnets and takedown efforts in 2014, Dell SecureWorks Counter Threat Unit™ (CTU) security intelligence researchers have observed cybercriminals learning from past experience and quickly adapting when banks and other financial institutions improve their security measures.

Banking Botnets: Cybercriminals adapting and sophisticated - Ascent InfoSec

Takedown efforts continued in 2015, with global law enforcement partnering with organizations in the private sector to launch operations targeting two of the most active banking botnets: Ramnit and Bugat v5 (Dridex). Europol collaborated with multiple law enforcement and industry partners in early 2015 to seize servers and other important infrastructure owned by the group operating the Ramnit botnet. In the fall of 2015, the CTU™ research team collaborated with the UK National Crime Agency (NCA), the U.S.

Five tips to defend against Ransomware - Ascent InfoSec. Threat Intelligence: Research team finds emerging threats - Ascent InfoSec. The Advanced Threat Research (ATR) team investigates emerging threats and works with global law enforcement to stop cyber criminals.

Threat Intelligence: Research team finds emerging threats - Ascent InfoSec

Threat Landscape Dashboard: Better threat awareness means better protection for your business. Access our threat dashboard to get an overview of key threats being tracked by McAfee researchers. MSSP: Creative solution to cybersecurity concern - Ascent InfoSec. Most IT security professionals believe an industry-wide skills gap is forcing organizations to explore creative solutions to address cybersecurity concerns, according to a survey conducted by Tripwire and Dimensional Research.

MSSP: Creative solution to cybersecurity concern - Ascent InfoSec

The survey of 315 IT security professionals revealed: 93 percent of respondents said that they are concerned about an industry-wide skills gap; 81 percent stated that the skills required to be a “great” security staff have changed; 72 percent said that it is getting difficult to hire adequately skilled security personnel; 96 percent believe that automation will help in solving the skills gap in the future. Cybersecurity attacks on Cloud - Ascent InfoSec. Cybersecurity attacks on Cloud-based user accounts spiked 300 percent in 2017 compared to the same period last year, according to the latest edition of Microsoft’s Security Intelligence Report.

Heading the list of vulnerabilities are all the usual suspects: weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services. Here are six additional top-level findings from the report: As organizations increasingly migrate to the cloud, there is growing frequency and sophistication of attacks on consumer and enterprise accounts in the cloud. The number of account sign-ins attempted from malicious IP addresses increased 44 percent year-over-year in Q1 2017. Q3 Threats Report from McAfee Labs - Ascent InfoSec. Cyberthreats and security incidents continue to claim the top headlines, keeping cybersecurity the top topic in our minds. The McAfee® Labs Threats Report: September 2017 takes a look back at WannaCry, its impact, and how it exploited not only technical vulnerabilities, but business processes.

Additionally, the report looks at how threat hunting is performed in organizations today, including the use of human and artificial intelligence. Pragmatic ways to use indicators of compromise to protect better. 9 things you can do for your SMB to avoid a data breach - Ascent InfoSec. Refuse Paying Ransom - Ascent InfoSec. Mecklenburg County in North Carolina experienced additional cyberattacks after it refused to pay $23,000 in ransom. However, county officials indicated that the latest cyberattacks were unsuccessful. Hackers launched the second set of cyberattacks against Mecklenburg County on Thursday, December 7, according to a prepared statement. The County Manager sent an email to warn county employees about the cyberattacks and provided these workers with recommendations. Mecklenburg County originally experienced a cyberattack on December 5.

During the cyberattack, hackers froze 48 county servers via encryption, and asked for two bitcoins in ransom, The Charlotte Observer reported. Just Saying No: Mecklenburg County would not pay the ransom, and instead would use backup data to restore government systems that were affected by the cyberattack. Since that time, Mecklenburg County has taken steps to restore government systems in the following areas: MSSPs should provide Security Awareness Training - Ascent InfoSec. MSSPs know that the protection provided by even their most powerful and comprehensive security solutions can be quickly undermined by careless or negligent behavior of their clients.

MSSPs waste resources on False Positive alerts - Ascent InfoSec. One of the key findings from the survey of MSSP analysts conducted by Advanced Threat Analytics is that the majority of the respondents report a false-positive security alert rate of more than 50%. Many analysts spend 5-6 hours a day investigating security alerts, with high false-positive rates.

This frequently compromises security effectiveness and prevents security analysts from responding to actual threats and incidents. Jay Leek on ProtectWise - Ascent InfoSec. State Attackers Moving from Stealing Data to Social Meddling - Ascent InfoSec. FBI and DHS Issue Joanap and Brambul Malware Attack Warning - Ascent InfoSec. Reduce Exposure Time: Managed Detection & Response - Ascent InfoSec. Ascent InfoSec in the Top 100 MSSPs for 2018 - Ascent InfoSec. Ascent InfoSec, the cybersecurity practice of Ascent Innovations LLC, is one of the Top 100 Managed Security Services Providers according to research that evaluates MSSPs globally; 80 of these firms are based in the United States. The Managed Security services span various technologies such as Firewalls, IDS/IPS, Web & Email gateways, Advanced Threat Defense, Vulnerability Assessment, Security Information & Event Management (SIEM), and so on.

Allied Market Research forecasts that by the year 2026, Managed Security is going to be a $100 billion business. The drivers for growth for Managed Security services are as follows: increase in ransomware targeting companies of all sizes; cybersecurity talent shortage & budget limitations; acceptance of cloud-based services; increase in data security regulations. Find the full report here.

SamSam Ransomware – What is this and How to defend? - Ascent InfoSec. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued an alert for SamSam ransomware to describe how hackers armed with SamSam targeted multiple industries. The U.S. Justice Department has charged two Iranian nationals as the masterminds behind the recent SamSam ransomware attacks.

The cyber kidnappers behind SamSam ransomware attacks in Atlanta and Colorado earlier this year have hit nearly 70 organizations in 2018. Business E-mail Compromise (BEC) Scam $12B in 5 years - Ascent InfoSec. Ransomware cyberattack takes down Norwegian aluminum company’s entire worldwide operations. A major ransomware cyberattack has taken down Norsk Hydro’s entire worldwide network, affecting operations, worldwide production, and their 35,000 employees.

Executive briefing. Customers are struggling with lack of visibility & threat detection. Baltimore Robbinhood ransomware attack. The City of Baltimore was attacked with a very aggressive variant of the Robbinhood ransomware on May 8 for the second time in 14 months. Some city departments, including the police, inspector general’s office, and the city’s departments of transportation and public works reported problems with email and phone systems. While the attack didn’t affect the city’s police, fire or emergency services it did prompt officials to temporarily suspend public works customer support, billing for its parks department, overdue water bills along with some other minor services, according to reports. Most of the city’s servers have been shut down as a precautionary measure, city officials said, to impede the malware spread and will slowly be brought online. Baltimore City Ransomware Attack: Hacker Demands.

Threat actors exploiting trust relationships with IT Service Providers - Ascent InfoSec.