Information Security Buzz
  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • Register
  • Log In
Top Posts
Data Loss Prevention: Artificial Intelligence vs. Human Insight
Expert On How The UK Police Data Loss...
Cyber Criminals Left Stolen Phishing Credentials Exposed To...
Cyber Expert On Malware Found On Laptops Provided...
OpenText Research Offers A Snapshot Of UK Attitudes...
How Much Are You Worth On The Dark...
Experts Reaction On World Economic Forum 2021 Report...
Major Security Flaws Found In Signal And other...
Comment On IoT Risks Of Peloton Bike
Top‌ ‌3‌ ‌Priorities‌ ‌For‌ ‌CISOs’‌ ‌2021‌ ‌Security‌ ‌Programs
Information Security Buzz

Connecting Security Experts

  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • Register
  • Log In
Expert(s): November 30, 2020
Ofer Israeli
CEO & Founderfeature_status*/ ?>
Illusive Networks

Comments Dotted : 3
December 16, 2020

DHS Hacked As Part Of Massive Cyberattack On Federal Agencies

Stressing the need for a proactive approach.
This breach, in which attackers were living in the system undetected for months, shows the critical importance of lateral movement detection and unnecessary credential remediation. These threat actors were using standard living off the land techniques – leveraging legitimate credentials and connectivity. This is some of the hardest movement to identify, as it appears natural. A more active approach is needed. It has to be assumed that attackers are getting in, and it’s what we do once.....Read More
This breach, in which attackers were living in the system undetected for months, shows the critical importance of lateral movement detection and unnecessary credential remediation. These threat actors were using standard living off the land techniques – leveraging legitimate credentials and connectivity. This is some of the hardest movement to identify, as it appears natural. A more active approach is needed. It has to be assumed that attackers are getting in, and it’s what we do once they’ve breached that will make the most difference. Once companies understand and appreciate the importance of placing focus on paralyzing attackers inside the network, the greater the chance they have of assembling the necessary technology and tools to robustly secure that network. CISA is mandating that affected, or potentially affected systems be forensically imaged immediately. The importance of obtaining a full forensic picture, which is then delivered to security teams for remediation and further action, can’t be understated. Ideally security teams will see this as a learning opportunity to make sure their preferred active defense tools have this deterministic capability. Only then can they prepare more thoroughly for future attacks, which is paramount in the fight against cybercrime.  Read Less
Like(0)  (0)

Linkedin Message

@Ofer Israeli, CEO & Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Stressing the need for a proactive approach...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/dhs-hacked-as-part-of-massive-cyberattack-on-federal-agencies

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Ofer Israeli, CEO & Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Stressing the need for a proactive approach...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/dhs-hacked-as-part-of-massive-cyberattack-on-federal-agencies

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
December 10, 2020

Cyber Security Predictions 2021: Experts’ Responses

Continuation of ransomware, security savvy board members among top cyber trends for 2021.
The “spray and pay” method of scattering ransomware all over the internet and hoping to hit paydirt through the numbers game has given way to highly targeted strains pointed at specific victims. Despite all the myriad solutions deployed by organizations to defend against cyberthreats, ransomware is increasing at a rapid rate. The fundamental weakness underpinning the rise of ransomware as attackers’ chosen tactic in the aftermath of the remote work explosion is cybersecurity’s.....Read More
The “spray and pay” method of scattering ransomware all over the internet and hoping to hit paydirt through the numbers game has given way to highly targeted strains pointed at specific victims. Despite all the myriad solutions deployed by organizations to defend against cyberthreats, ransomware is increasing at a rapid rate. The fundamental weakness underpinning the rise of ransomware as attackers’ chosen tactic in the aftermath of the remote work explosion is cybersecurity’s overreliance on behavioral-based threat detection. With the continued reliance on remote and hybrid work situations, the “old normal” isn’t likely to return. All the baselines created with years of user activity patterns factored in to detect and flag anomalies went haywire in the first few months of 2020. Without a baseline to compare anomalies with, threat detection based on activity monitoring will continue to generate even more false positives than usual, leading to more wasted investigation time.  Boundaries will continue to be pushed. For example, the recent news of the election security issue with Iran, while it's a big deal, it didn’t shake the country. I think it didn’t really shake the country because, because we saw similar things in 2016. The essence here is just human psychology – the boundaries keep getting pushed. And then the next time something occurs that seems unheard of, a country is going to accept it and then when it occurs again, it's not that it's overlooked, but that it doesn't seem all that awful. I think we're going to see the stakes dramatically continue to grow. There is a lot that nation-state attackers can do, but they're not doing today. And somebody at some point is going to make that first motion. I think we're going to see a shift in what is perceived as acceptable or reasonable. Security savvy board members. From a company governance perspective, I do think we're going to start to see a trend of more security and technology savvy board members being added to the board of directors. It will be crucial, as security continues to be a huge risk for all companies, to have someone on the board who can grasp this, understand it and work with the management team to resolve any issues and help manage the risk. Active Defense will be top of mind. Our customers are proactively bringing up MITRE’s Shield framework with us, which is phenomenal as it was only released in August. We've just scratched the surface now, but I think that this framework is going to play a significant role. It's going to transition customers’ thinking to the perspective Illusive Networks has long been focused on: the understanding that proactive versus reactive defense is key. How do you add an active layer to your defense? I believe that's going to play a significant role in security strategies in 2021.  Read Less
Like(5)  (0)

Linkedin Message

@Ofer Israeli, CEO & Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Continuation of ransomware, security savvy board members among top cyber trends for 2021...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/cyber-security-predictions-2021-experts-responses

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Ofer Israeli, CEO & Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Continuation of ransomware, security savvy board members among top cyber trends for 2021...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/cyber-security-predictions-2021-experts-responses

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
November 03, 2020

Election Security – Cybersecurity Experts Commentary

Blocking lateral movement is the key to securing valuable data.
As we saw in the last election, spear phishing and other attacks on individuals affiliated with political campaigns can have broad ramifications beyond the specific breach. Well-funded nation-state attackers are getting past perimeter defenses, and defenders often struggle to gain visibility into their slow-and-low tactics as they lurk in the network. However, attackers rarely land on the machine with the valuable data they hope to steal as soon as they get in. If you can block their lateral.....Read More
As we saw in the last election, spear phishing and other attacks on individuals affiliated with political campaigns can have broad ramifications beyond the specific breach. Well-funded nation-state attackers are getting past perimeter defenses, and defenders often struggle to gain visibility into their slow-and-low tactics as they lurk in the network. However, attackers rarely land on the machine with the valuable data they hope to steal as soon as they get in. If you can block their lateral movement towards that valuable data, you can limit the fallout that occurs from a breach. Many successful breaches are enabled by extraneous connectivity and credentials on machines throughout the network that allow attackers to gain a foothold without needing to leverage unpatched vulnerabilities or zero-day exploits. Some examples of this include remote desktop sessions left open, or cached admin credentials left on a browser. These pathways allow attackers to move laterally from their beachhead after they get past the perimeter and need to be found and removed. Simply closing off these pathways to critical assets makes successful breaches much less likely. Of course, there are steps the targeted individuals should take regarding password hygiene, but we are talking about sophisticated nation-state attackers here, and even users who know they are a target are only human and prone to mistakes. Campaigns should use security techniques that shift the onus away from the defenders’ actions and towards making attackers doubt each move they make. For example, if the campaigns can blanket a network with deceptive data that is indistinguishable from real data, telling the difference becomes impossible for an attacker. The deceptive data serves as a beacon highlighting an attacker’s presence upon engagement, and it is now the attacker who has to carefully consider each click. Again, the focus is on active defense, so that even if an attacker manages to get past static defenses, their access can’t bring them near critical assets.  Read Less
Like(0)  (0)

Linkedin Message

@Ofer Israeli, CEO & Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Blocking lateral movement is the key to securing valuable data...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/election-security-cybersecurity-experts-commentary

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Ofer Israeli, CEO & Founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Blocking lateral movement is the key to securing valuable data...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/election-security-cybersecurity-experts-commentary

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.

SECURELY DOTTED BY

Matias Madou, Co-founder and CTO, Secure Code Warrior

"It’s imperative that all developers are trained in how to code securely from the outset. "

Expert On How The UK Police Data Loss Could Have Been Easily Prevented

Stephen Kapp, CTO and Founder, Cortex Insight

"Pixlr should look to improve its internal processes by holding user information. "

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For Free On Forum

George Glass, Head of Threat Intelligence, Redscan

"Gamarue is able to spread across a user’s local network and is also capable of installing additional strains of malware. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Jake Moore, Cybersecurity Specialist, ESET

"Gamarue.1 is an old virus from quite a few years ago. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Niamh Muldoon, Senior Director of Trust and Security EMEA, OneLogin

"New and young students using online learning for the first time are most vulnerable. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Chris Hauk, Consumer Privacy Champion, Pixel Privacy

"All computers, no matter the make, model, or operating system should run some type of antivirus or anti-malware protection. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Chris Hauk, Consumer Privacy Champion, Pixel Privacy

"Department of Education should be putting security parameters. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Sam Curry, Chief Security Officer, Cybereason

"The National Cyber Security Centre offer free advice on secure home working. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Brian Higgins, Security Specialist, Comparitech.com

"The potential for malicious software to be used against recipients is not limited to the children. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Chloé Messdaghi, VP of Strategy, Point3 Security

"The attack approach was also clever. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Saryu Nayyar, CEO, Gurucul

"Organizations still need to maintain strong perimeter and interior defenses. "

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

Oliver Cronk, Chief IT Architect, EMEA, Tanium

"This story is part of a wider challenge facing schools at the moment. "

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling

Andy Teichholz, Senior Industry Strategist, Compliance and Legal, OpenText

"In our new digital economy, people around the world are becoming acutely aware of how their information is being collected, stored, and used. "

OpenText Research Offers A Snapshot Of UK Attitudes Towards Data Privacy

Lou Blatt, Senior Vice President and CMO, OpenText

"Digital is now central to almost every business interaction – generating more data for companies to manage and secure. "

OpenText Research Offers A Snapshot Of UK Attitudes Towards Data Privacy

Greg Bell, CEO, Corelight

"This type of network infiltration is often difficult to identify. "

A Chinese Hacking Group Is Stealing Airline Passenger Details

WORKING WITH US

About Us

Advertise With Us

Information Security Companies

Contact Us

THE PAGES

Privacy Policy

Terms & Conditions

RSS Feeds

INFORMATION SECURITY EXPERTS

Information Security Experts: Comments Dotted

Register and Comments

Categories

  • Facebook
  • Twitter

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.


Back To Top
Information Security Buzz
  • Home
  • Experts Comments on News
  • Security Articles
  • Vendor News
  • Study & Research
  • ISBuzz Expert Panel