Loading ...

Category: Threat Detection

Zero Trust – Cyber Security Audit

Security Audit - Grants Pass, OR

This is the tenth and finale in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Cyber Security Audit. 
 

Cyber Security Audit

Cyber Security Audit is a process where both internal and external systems are tested for their ability and susceptibility to being successfully attacked by hackers. This usually involves an inventory of current systems, research into known vulnerabilities, and testing of those found to see what information can be accessed. Once this process is complete a report is generated to detail both what is found and how those vulnerabilities can be addressed to protect the business’ most valuable commodity – information (intellectual property and client data). Here are some questions to ask:

  • Do you have an inventory of all assets in your organization? Is it up to date?
  • Have you tested your internal network for vulnerabilities?
  • Have you had a penetration test performed on your external network?
  • Do you know what compliance standards apply?
  • How do you document policies and procedures? Who oversees that?

If your company is wanting to have a free cyber security audit, then contact us for assistance.

Zero Trust – Network Security

This is the ninth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Network Security. 

Network Security

Network Security is having the proper hardware and configuration of that hardware in place to protect the business network. This configuration includes segmenting network traffic to keep specific types of traffic, like guest devices, separate from traffic of business devices. It also includes keeping outsiders out of the network and detecting when they have breached security measures. Here are some questions to ask:

  • Do you have a business class router / firewall?
  • Do you have business class switches and access points that support segmentation?
  • Is your network configured to segment business traffic from guest traffic?
  • Are devices like VoIP phones and network cameras on their own network?
  • Is geo-location blocking turned on for non-essential countries?
  • Is network traffic being analyzed for suspicious activity?
  • Do you filter internet traffic?
  • Can your network detect and respond to a breach?

If your company is wanting to lock down network security, then contact us for assistance.

Zero Trust – Endpoint Security

Endpoint Security - Clackamas, OR

This is the sixth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on endpoint security. 

Endpoint Security

Endpoint security is a fancy term used to describe how the computers on the network are protected. This used to be done by antivirus but due to the complexity of the attacks hackers are using to compromise networks these days, the definition has expanded greatly. This now includes things like Enhanced Detection & Response software, Security Operations Centers, DNS Filtering, employee train and more. Here are some questions that you should be asking yourself:

  • Are your endpoints protected by antivirus or enhanced detection & response?
  • Is website traffic being monitored? Restricted?
  • Are your employees being trained in cyber security?
  • Are computer logs being monitored for malicious activity?
  • Would unusual or suspicious activity on a computer be noticed? Alerted on?
  • Do you have security permissions set on all file shares?
  • Do you have least privileged access configured on those shares?
  • Do you keep track of what software is installed on all workstations?
  • Do you block access to unauthorized software?
  • Are files encrypted on servers and workstations?
  • Are your mobile devices managed? Can you wipe them remotely?
  • Are USB ports blocking removeable storage devices?
  • Are endpoints set to automatically log-out?

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

US Takes Action Against Russian Cyber Threats

We caught wind of two separate actions the US has taken against Cyber Threats from Russia over the weekend:

Kaspersky

The first is news that the US Federal Communications Commission has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg. This company has been banned from use by government agencies since 2017 when a bill was signed due to the companies ties to the Kremlin. 

Russian Hackers

The second article was a press release from the FBI stating that:

“The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”

This hacking activity should be another wake-up call to American businesses to harden their defenses and remain vigilant against cyber security threats. These people are nationally sponsored criminals and we must protect ourselves. 

If your company is currently using Kaspersky or any other Russian based vendors, then it is time to carefully consider whether to continue being connected with them and contact us for assistance migrating to a trusted source.

Hackers Penetrate 93% of Company Networks

Hacked - Grants Pass, OR

Security researchers performed penetration testing on the networks of 45 various mid-sized companies and found that in real life scenarios 93% of those networks were able to be compromised to the point of business disruption. Here are the details:

The Target

The 45 companies were polled to determine what would be an unacceptable business interruption. They decided that the following met that criteria:

  • Disruption of production processes
  • Disruption of service delivery processes
  • Compromise of the digital identity of top management
  • Theft of funds
  • Theft of sensitive information
  • Fraud against users

These became the target for the penetration testers. 


The Process

In order for the penetration tester to achieve their target, they followed the following process:

  • Breach the network perimeter – This was done by the use of compromised passwords found on the Dark Web and know vulnerabilities on devices that were directly connected to the internet
  • Obtain maximum privileges – In 100% of the networks, once an attacker was inside the network
  •  Gaining access to key systems – With maximum privileges, the testers are able to gain access to other areas of the network including databases, executives computers, and production servers
  • Develop attacks on target systems – Once key systems are compromised the testers then figured out how to create the unacceptable business interruption. Although they could have created these interruptions, they only gathered proof that they could to present the data to the companies. 


How to Defend 

There are a couple main ways to defend against these kinds of attacks:

  • Security Controls / Segmentation – Creating least privileged access to key systems and segmenting the network will keep hackers from traversing the network once inside
  • Enhanced Network Monitoring – Modern cyber security tools watch activity and traffic on the network to find indicators of compromise. They pool this information into an attack history that can be used to remediate and further protect. 


Your company is not as safe as you think, so contact us for free initial cybersecurity evaluation and risk report.  .

Did I see your Indicators of Compromise?

Nobody wants to be hacked, breached, compromised, or whatever else they are calling it now. Here is a quick list of things to think about to keep your company safe:

Compromise Prevention

  • Keep track of your inventory, both software and hardware.
  • Make sure to properly dispose of these things (recycle or responsible destruction)
  • Scan your network for vulnerabilities
  • Patch or remediate everything you find
  • Manage your antivirus & keep it up-to-date
  • Keep your passwords complex & safely stored
  • Remove all users / accounts when no longer in use
  • Look at best practices to harden your computers / network to attacks
  • Monitor your network for strange activity (indicators of compromise)

If your company is concerned about security, then contact us to take care of it for you.

Never Negotiate with Terrorists

Hacked - Grants Pass, OR

There has been a recent trend for companies to “negotiate” with the criminal terrorists behind wave of ransomware attacks across the world by paying the ransom. In a recent study some alarming statistics have been released:

Current Ransomware Stats

If Ransom is Paid: The global findings also show that only 8% of organizations manage to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.

Cost of Ransom: The average ransom paid was $170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.

Who is Paying the Ransom: The number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021.

The Brighter Side: While the number of organizations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020).

What is Being Done

There are now organizations trying to create a common framework to address this threat. The Institute for Security and Technology has created a Ransomware Task Force. This task force has been working to develop this framework and has published some guidance. Even though this is just the foundation work, it is good to see that efforts are being made. 

If your company is worried about the threat of ransomware, then contact us for assistance setting up a multiple layer approach to security.

How is Malware Delivered?

Malware

Read a recent study on the origins of malicious software aka malware. Here are the highlights:

Current Malware Statistics

29% – Malware is previously unknown to security vendors due to the continued efforts of malware creators to hide the software or make it undetectable.

88% – Malware is delivered to people’s inboxes and some of it bypassing normal SPAM filters.

8.8 Days – Time before regular antivirus vendors have discovered the malware and added it to their lists for detection.

$50 – The cost of a pre-fabricated malware kit that can be bought currently on the dark web.

“The most common type of malicious attachments were: documents (Word – 31%), archive files (ZIP & RAR – 28%), spreadsheets (Excel – 19%) and executable files (EXE – 17%).”

What can be done?

A multi-tiered approach to security remains the best solution:

  • Moving from traditional antivirus to Enhanced Detection & Response (EDR) software to go beyond lists of know infections to behavior tracking of software
  • Moving from traditional SPAM filters to Email Advanced Threat Protection which scans each email and opens each attachment to see if there is any malicious activity cause by them
  • Moving from traditional router to a business class firewall with Intrusion Prevention System to monitor traffic for suspicious activity
  • Employee training is also key to keep your staff aware of immerging trends and threats 


If your company is looking to enhance your network security posture, then contact us for assistance.

A newly discovered serious vulnerability – dubbed “BootHole”

There has been information released by a security research firm called Eclypsium that there is a vulnerability dubbed Boothole in Unified Extensible Firmware Interface (UEFI) Secure Boot that would allow an attacker to completely take over a workstation, laptop, or server and be nearly undetectable. All hardware vendors will have to send out updates in the near future to patch the UEFI code to secure it against this “BootHole” vulnerability. Due to the difficulty in designing and testing these types of updates it will be some time before they are released. We will keep you posted as to the release of these updates as they become available. 

If your company is concerned about security, then contact us for assistance.

Vulnerability Scans & Penetration Testing

Vulnerability Prevention - Grants Pass, OR

Many industries we serve are under some sort of compliance requirements – HIPAA, PCI, GDPR, etc. and several of these require some sort of vulnerability scans or penetration testing:

HIPAA Section 164.308(a)(1)(ii)(A) states:

RISK ANALYSIS (Required).
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].

PCI DSS Requirement 11.3:

The scope of a penetration test, as defined in PCI DSS Requirement 11.3, must include the entire CDE perimeter and any critical systems that may impact the security of the CDE as well as the environment in scope for PCI DSS. This includes both the external perimeter (public-facing attack surfaces) and the internal perimeter of the CDE (LAN-LAN attack surfaces).

GDPR Article 32 states:

A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing

Farmhouse Networking has begun offering both internal and external network vulnerability scans and penetration testing for clients who fall under compliance requirements. We also provide remediation planning and implementation for any issues found during the scans. 

If your company is has compliance requirements for internal or external vulnerability scans or penetration testing, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]