THE STATE OF AFFAIRS!
"There are only two kinds of companies, those that have been hacked, and those who don't know"
- John chambers
Cisco CEO, World Economic Forum 2015
ALERTS AND ADVISORIES
The majority of past months attacks and vulnerabilities exposed were focused on remote code execution! they are fileless! they gain access and privilege are executed by trusted programs with exploited vulnerabilities, and existing security products won't identify these as threat vectors and actors. shield does! it identifies change in behavior recognises abuse and zero day exploitation identifies threat vectors and actors at different levels to takes autonomous actions protecting the machine and network from such exploitation.
Ransomware attacks in the US doubled about 98% increase in the last three months. India ranked second with an over 39% rise in ransomware attacks followed by Sri Lanka, Russia and Turkey, A 50% jump in the daily average of ransomware attacks in last three months globally, compared to the first half of 2020 predicting more attacks and escalations!
India ranks 3rd in the list of the highest number of internet users worldwide after the USA & China. With the exponential rise on the Internet and mobile phone users, there is a significant rise in the number of cyberattack incidents in India and globally, Pandemic sped up the need for faster better security solutions social engineering (fake website fake emails) increased potential threat to all remote workforce. DSCI released recommended work from home security products for our country. Authbase's NGAV is recommended to boost up security to detect threats without signatures
Ransomware do not discriminate there's been a 260% increase in the frequency of attacks, a 50% increase in ransom demanded across every industry in the first half of this year alone! IBM released global average cost of data breach in 2020 is 3.86 million healthcare average is 7.13 million dollars. total losses due to business disruption is a lot more. Among the most aggressive attacks, Maze and DoppelPaymer, which have begun exfiltrating data from hacked networks, and threatening to release data on leak sites, as part of double extortion, demanding ransom six times more than the average.
Along with ransomwares, a recorded spike in the number of funds transfer frauds and business email compromise events, growing 35% and 67%. Reported losses from these incidents have ranged from thousands to over a million dollars per event. October month is cyber awareness month ironically enough a large number of exploits were found this month in various segments browsers enterprises servers firewalls enterprise applications. the trend will keep growing until we take proactive measures along with reactive measures.
maintaining cyber hygiene and best practices can easily help secure 90% of the threats out there. being and maintaining compliance is a biggest factor for cybersecurity in our company we see cybersecurity and dat compliance as two sides of the same coin. keeping software uptodate backing up regularly having and maintaining cyber awareness helps protects against social engineering! human beings are always the weakest link in the chain.
Targeted attacks on pharma and research have been continously increasing the attackers don't use disclosed exploits they have an arsenal of their own tools they try multiple ones and they have to only get lucky only once. mostly due to the nature of the attacks secops take time to respond to these classifying them from anomalies to threats at a global level to be aware until time for firewall and antivirus to update their signatures rules unless.
US WARNS AGAINST PAYING OFF RANSOMWARE ATTACKERS
US Treasury's Office of Foreign Assets Control has issued an advisory to warn organizations making or facilitating ransomware payments that they could run afoul of US regulations and face stern penalties.
READ THE ADVISORY
POSSIBLE RANSOMWARE ATTACKS ON HEALTHCARE SYSTEMS WARNS FBI DHS
Information of an increased and imminent cybercrime threat to U.S hospitals and healthcare providers. CISA, FBI, and HHS warn to take timely and reasonable precautions to protect their networks from these threats.
READ THE ADVISORY
US AND INDIA TARGETED MOST BY RANSOMWARE
Ransomware attacks in the US doubled about 98% increase in the last three months. India ranked second with an over 39% rise in ransomware attacks followed by Sri Lanka, Russia and Turkey, A 50% jump in the daily average of ransomware attacks in last three months globally, compared to the first half of 2020 predicting more attacks and escalations!
ARE YOU SECURE AGAINST RIPPLE20 VULNERABILITIES
Ripple20 so called on the disclosure year and the idea that the problems "rippled" through the supply chain of one company, Treck implemented a TCP/IP Stack widely adapted by many manufacturing, IoT companies since. It is difficult to identify all affected devices to assess its impact these vulnerabilities will haunt the IoT landscape years to come!
SHIELD AI secures networks and machines against threats like these ransomware, bots and virus, making them nonexistent!
SHIELD Autonomous Response protects against exploitation of such vulnerabilities, flaws and thwarts zero-day attacks!
Among the most aggressive attacks, Maze and DoppelPaymer, which have begun exfiltrating data from hacked networks, and threatening to release data on leak sites, as part of double extortion, demanding ransom six times more than the average.
Along with ransomwares, a recorded spike in the number of funds transfer frauds and business email compromise events, growing 35% and 67%. Reported losses from these incidents have ranged from thousands to over a million dollars per event.
Ransomware do not discriminate there's been a 260% increase in the frequency of attacks, a 50% increase in ransom demanded across every industry in the first half of this year alone!
CRITICAL OBSERVATIONS
REMOTE CODE EXECUTION HAS BEEN THE MOST DANGEROUS ABUSED EXPLOITED ATTACK THIS MONTH
>_
Microsoft released critical security updates for Windows and Visual Studio Two remote code execution (RCE) bugs in the Windows Codecs library and Visual Studio Code added to another critical in Windows TCP/IP totalling 87 vulnerabilities patched this month.
ZD
Microsoft addressed over 112 CVEs in its November release, including a zero-day vulnerability in Windows kernel that was exploited in the wild as part of a targeted attack.
MS
Trickbot has infected over a million computing devices around the world since late 2016. While the exact identity of the operators is unknown, research suggests they serve both nation-states and criminal networks for a variety of objectives. A global network of security partners took action to takedown and remediate victims will be supported by internet service providers (ISPs) and computer emergency readiness teams (CERTs) around the world.
MS
Discord desktop app vulnerability chain triggered remote code execution attacks first security issue was found in Electron, the software framework used by the Discord desktop app. While the desktop app is not open source, the JavaScript code utilized by Electron -- an open source project for creating cross-platform apps able to harness JavaScript, HTML, and CSS -- was saved locally and could be extracted and examined.
ZD
800,000 SonicWall VPNs vulnerable to new remote code execution bug. Listed as CVE-2020-5135 an attacker can exploit it if the component is exposed on the WAN (public internet) interface, as long as they're aware of the device's IP address. An update available to patch this vulnerability!
AFFECTED PRODUCT(S)
SonicOS 6.5.4.6-79n and earlier
SonicOS 6.5.1.11-4n and earlier
SonicOS 6.0.5.3-93o and earlier
SonicOSv 6.5.4.4-44v-21-794 and earlier
SonicOS 7.0.0.0-1
SW
A new fileless attack technique that abuses the Microsoft Windows Error Reporting (WER) service is the work of a hacking group that is yet to be identified. A lure phishing document found by the team was packaged in a .ZIP file. Titled, "Compensation manual.doc," the file claims to contain information relating to worker compensation rights, when opened, is able to trigger a malicious macro. The macro uses a custom version of the CactusTorch VBA module to spring a fileless attack, made possible through shellcode.
MBL
SAP Security Patch Day saw the release of 15 Security Notes. There were 6 updates to previously released Patch Day Security Notes.
SAP
55 New Security Flaws in Apple Software and Services 29 high, 13 medium and 2 low severity vulnerabilities could allow an attacker to fully compromise both customer & employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.
Securing election infrastructure from new and evolving threats is a vital national interest that requires a whole-of-society approach. This library provides State and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.
HLS
CISA released Real / Fake—a graphic novel that communicates the dangers and risks associated with dis- and misinformation campaigns. The plot shows how threat actors capitalize on political and social issues (especially around election cycles) to plant doubt in the minds of targeted audiences and steer their opinion.
Download/share the Real Fake graphic novel and transcript.
#Protect2020
Solarwinds Hack
SolarWinds was the victim of a cyberattack that inserted a vulnerability (SUNBURST) within Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 and 2020.2 HF 1, which, potentially allowed an attackers to compromise the servers on which the Orion products run. In its advisory, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to secure their environments.
SW
Three packages plutov-slack-client, nodetest199, nodetest1010 have been removed from the npm portal for containing malicious code. the packages 1569, 1570, 1571 were found opening shells on Linux and Windows systems, Any computers that have installed or running these should be considered fully compromised and take necessary actions.
Starting with U.S. presidential elections in 2020, Microsoft's new program is global to engage around the world with other democratic countries in protecting their institutions and processes in the years to come. In partnership with governments and our industry colleagues, to put cybersecurity expertise to work for the defense of democracy. working with all stakeholders in democratic countries globally to:
Protect campaigns from hacking.
Increase political advertising transparency online.
Explore technological solutions.
Defend against disinformation campaigns.
MS
Chrome Zero day is under Active Attacks – Update to 86.0.4240.111 immediately to patch several security high-severity issues, that has been exploited in the wild by attackers to hijack targeted computers. Tracked as CVE-2020-15999, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome.
GC
Our award winning vulnerability management system is now bundled with SHIELD blocks exploitation of vulnerabilities, predicts threats! identifies and mitigates threats at various levels. securing applications before they are exploited or abused. our threat inference engine gives you a birds eye view of the enterprise stack automating listing and tracking relevant risks advisories giving actionable intelligence and recommendations all in one.
