Ken Westin, senior security analyst with Tripwire, commented on research from Cybereason that has uncovered a new attack targeting Microsoft Outlook Web Application (OWA).
[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Security Analyst for Tripwire :
“This attack shows the importance of being hyper-vigilant when it comes to monitoring critical assets within an organizations environment. Organizations need to pay special attention to what is happening on these critical endpoints, as they can easily lead to an entire network being compromised. Mail servers, active directory servers, databases and other critical systems need to be monitored for any and all system configuration changes, as well as new binaries added to these systems. IT and security teams should be alerted to these changes immediately and have a workflow established for quickly verifying if these changes are authorized and verified as part of a scheduled patch, or if it is a potential malicious piece of malware.
When dealing with a sophisticated adversary, the malware they use to target infrastructure will use customized code that will not have signatures, or they may simply use tools available on the systems themselves to harvest data. Although threat intelligence can help tell organizations if a particular threat or indicator has been seen by others, they still need strong security intelligence within their own network to identify anomalies and potential threats that may not have been seen before.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]