Patch Management: Why it is a Security MUST!

Posted on by Martin Quinn in Security Blog Leave a comment

by Martin Quinn & Samantha Woollard 21 May 2017

What is Patch Management?

Patch management is the process of handling all the updates of components within the companies information system. These include routers, firewalls, servers, operating systems, anti-viruses, along with many more that could exist within a network.

After hardware and software is released, flaws may be found within them which have not yet been discovered; these are classed as zero-day vulnerabilities. Zero-day vulnerabilities are exploitable but do not yet have a fix. When a vendor releases a patch for these, they are no longer zero-day flaws and the component can be updated to correct the issues.

An analogy of patch management within your business can be seen as maintaining a car. Without regular check-ups, new tyres and parts, you can still drive your car, however it will become dangerous to drive if you keep avoiding the mechanic. Eventually, the car may break down or cause an accident.

Patches are released constantly for different software and hardware, meaning vulnerabilities are also found consistently so the importance of a scheduled patching procedure is critical within every business.

Why Is Software So Insecure?

Software is a creation through humans’ work and like everything else, human error comes into play. Unintended errors may happen and this leaves a door of opportunity for an attack from malicious hackers.
Code reviews before product deployment may not be carried out properly leaving flaws in memory, logic and other areas within the components. As reviewing code is extremely time consuming and increases the cost, companies often take the risk and rush the testing phase to reduce the delay to the market.

Reasons to Patch

Zero-day Attacks Account For 0.1%

Zero-day attacks rarely occur. This is due to the lack of time between the discovery of the flaw and the creation of a patch, an attacker does not have enough time to create an exploit against the vulnerability. This means that 99.9% of attacks happen due to commonly used exploits and commonly found vulnerabilities existing in companies’ systems, that have not yet been patched. Many attacks could easily have been prevented and systems protected however due to bad patching practices were not.

Unsupported Software

When a vendor stops supporting software, it means that they will no longer release patches for discovered vulnerabilities. If new flaws come to light, they will remain vulnerable as nothing will be done to fix them. It is advised to stop using this software as exploits for these will become more common and this will only attract attackers to this low hanging fruit.

Outdated Anti-virus

It is estimated that 24% of computers have out of date anti-virus making it pretty much useless. If anti-virus is out of date then new threats that have been discovered since its last update cannot be picked up by the anti-virus, as they have no record of it being a vulnerability. Patching anti-virus means that it can pick up everything that it should do, that is the reason it is running in the first place.

Keeps Costs Low

No one can know exactly how much a security breach will cost, but if you are breached due to lack of patch management it will be very expensive for the business. If there is no plan in place on how to manage the systems after the incident then the breach will become unmanageable; resulting in the loss of more money. Patch management also includes guidance if something were to go wrong, so that employees are aware of what to do.

Tips On Patching

Patch Policy

Have a security policy in place of how often you patch, when it occurs and how it is done is very much encouraged for all companies. Keeping to this policy can help you remain in compliance.

Involve Senior Management

Patch management can happen a lot more smoothly when senior management is involved. Trying to conduct regular updates without the consent or help from top management can only prolong the process making patching a hindrance for everyone involved.

Backup Before Patching

Applying patches can sometimes go wrong, resulting in the loss of information. That is why it is important to complete a backup before introducing a new patch.

Educating staff

This is also an important tactic within patch management, so that if certain software can be updated by employees on their machines, that they know what needs updating and how to do it.

Patching Personally and Within A Business

Personal machines at home should have automatic updates turned on, however in a business any updates or changes to the system should be tested before implementing into production. Updates may affect day to day activities and could result in the failure of business-critical processes. To ensure no information is lost or damage to the main system, ensure that updates are applied in a controlled environment.

Relax. Your security is Intact.

Author: Intact Security

Google


How To Use Public Wi-Fi Securely!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 17 April 2017

Do you have frequent coffee meetings with colleagues or clients and need to access company information using the cafés free Wi-Fi?  DON’T! Have you ever used free Wi-Fi to log into your online banking? DON’T! Public Wi-Fi is not safe and hackers love to take full advantage of this.

Wi-Fi hotspots are incredibly practical for us be it for social media scrolling, work and private email checking and other business needs. However, they are a potential risk and are just as handy for attackers to steal your private information.

Below are some tips to secure your information if you need to use free Wi-Fi in public places.

Tips to minimise your risk

1. Be smart – Firstly, be aware that any information you send over Wi-Fi hotspots is up for grabs to anyone who has even a bit of an IT background. Your online banking details, usernames and passwords are all out in the open. Try not to use sensitive information or visit anything private whilst using free hotspots.
2. Check Authenticity – Be careful to which hotspot you are connecting. It is possible for a malicious actor to put their own hotspot in place and perhaps disguise as the cafés Wi-Fi. A popular name is ‘_FreeWi-Fi’ as the punctuation puts the hotspot to the top of the list and we are all guilty of being distracted by the word ‘Free’. If you connect through an attacker’s hotspot then everything you do will be recorded by them. Make sure to verify with the café, restaurant, library etc on the name of their network and the password before connecting to any Wi-Fi.

3. Disable File Sharing – If you are a Windows user, make sure to turn off file sharing and mark the connection as a public network. To do this: Control Panel > Network and Sharing Center > Change Advanced Sharing Settings and uncheck the file sharing option. Another extra precaution is to turn on Windows Firewall by: Control > System and Security > Windows Firewall
4. Over HTTPS – Ensure that the sites you are accessing are over HTTPS by looking at the address bar or for the security lock sign.
5. Patch! Patch! Patch! – Always have software up-to-date so that no current exploit can be used against you. Regarding Wi-Fi, keep your web browser, software, anti-virus and other internet-connected devices are all patched.
6. Two-Factor Authentication – It is always good practice to use two factor authentications where you can. If a hacker could obtain your password then there is another layer of protection in place that they will not be able to get past.
7. Use a VPN – A Virtual Private Network encrypts all traffic and ensures a safe way of using the Internet. It also masks your IP address so that phishing and man-in-the-middle attacks are reduced.
8. Log off and Forget– Once you have finished using the Wi-Fi connection, log off from any services you were using and forget the network. This prevents your phone from automatically connecting to it again when you are within range. Remember to always turn off your Wi-Fi if you are not using it to stop it from connecting to random open hotspots when you are out and about. Another tip that helps with this is to disallow your device to connect automatically within your Wi-Fi settings.

Security for us is not only when you have a strong password. Security for businesses is not only what happens within the company building. Protecting yourself and your business is an ongoing process. The tips above can help everyone reduce their risk of attack and loss of personal information and sensitive data to crafty hackers lurking in public areas.

Relax. Your security is Intact.

Author: Intact Security

Google


Intact Attend Partner Summit To Phuket With WatchGuard!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) – 12 April 2017

Who are WatchGuard? WatchGuard are a global provider of Unified Threat Management (UTM) and Next Generation firewall solutions. Their UTM is unmatched providing additional firewall services such as IPS, URL filtering, gateway anti-virus, web blocking and a host of other features.

A basic firewall is no longer enough, so more defences need to be implemented into businesses’ systems to layer their security. This can become complex with many devices to configure, implement and monitor. With WatchGuard products, everything you would need and more is provided through one unified device meaning:

  • A layered security for your business
  • No complex configurations
  • Easy to use GUI
  • Low price

Intact Security have been Silver partners with WatchGuard for several years, keeping on top of newly created services and products so that we can educate customers and distribute security solutions to those who need them.

This week WatchGuard flew the Intact team plus their other partners to Phuket, Thailand to inform us of new products and newly developed features so we may find the best suiting answer to your security problems.

Who did we meet? David Higgins, Regional Director ANZ opened the Cocktail Reception on the first evening to welcome all the partners and distributors to Phuket for the annual Partner Summit, with the Bangtao beach as a stunning backdrop.

The next day the Partner Summit was kicked off with a Keynote Presentation by Prakash Panjwani, CEO of WatchGuard. A number of other presenters took to the stage including Corey Nachreiner, Chief Technology Officer (CTO), Ryan Orsi the Director of Business Development and Brendan Patterson, the Director of Product Management discussing all things WatchGuard over the past year and the year to come.

Left to right: Brendan Patterson, David Higgins and his wife, and Prakash Panjwani (CEO).

David Higgins, Regional Director ANZ opening the Cocktail Reception.

 

Advantages of WatchGuard Over Competitors

WatchGuard are the ONLY one in the industry to provide a Unified Threat Management (UTM) that:

  • is fully integrated correlation capability – threat detection from network to endpoint in one view
  • processes threat intelligence on behalf of customers, passing on only the security benefits without the complexity or costs
  • provides integrated, automated incident response that works in tandem with existing anti-virus
  • unites prevention, detection, correlation and response under one SKU (Stock Keeping Unit)

UTM Throughput
Network performance with WatchGuard products, including the full UTM and features is nearly 4 times as fast than when other competitors’ products are implemented into systems. This includes Dell SonicWall and Sophos products.

Ease of Licensing   
When licensing a product, with WatchGuard only one device is needed. Other software is needed with other company products making licensing more complex.

UTM Throughput

Top Threats of 2017 and How WatchGuard Can Protect You

1. Ransomware
Defense of UTM – No single security service prevents all threats. WatchGuard’s Unified Threat Management combines many services to offer ‘Kill Chain’ defenses.
Advanced Persistent Threat Blocker – As ransomware is ever-changing, behavioural malware detection in the APT Blocker is needed to catch up to date variants.
Threat Detection and response – TDR’s Host Ransomware Prevention can stop the types of ransomware that encrypt files at an end point.

2. Exploit Kits
WebBlocker & RED – Keeps employees away from sites hosting exploit kits (EK)
Intrustion Prevention Service – IPS prevents many of the exploit kits that are in use.
Gateway Antivirus (GAV) – Regularly catches obfuscated JavaScript exploit kits used to launch exploits.
APT Blocker – If EK succeeds, APT blocker and GAV still have a chance to block the malware it tries to send.

3. IoT Botnets
Network Security Is Device Agnostic – Basic firewalls do protect IoT devices. Segment IoT for best UTM service protection.
Botnet C&C Detection (RED) – If an infected device appears, RED’s botnet C&C detection can catch and stop it.
Access Points Protect Wi-Fi IoT – Access points extend and can enhance your protections to wireless IoT devices

Naka Island stop-off during speedboat trip.

New Product Alert! – Managed Cloud Wifi

Late last month WatchGuard announced the release of a new product, Firebox Cloud. This device brings the same protection as other WatchGuard UTM devices to public cloud environments.

This enables organisations to extend their security perimeter to protect business critical and sensitive assets in Amazon Web Services (AWS), increasing the security beyond what is provided by AWS to ensure your network is secured by more than just simple port scanning and access control.

Cloud Scalability
Easily scale from one to an unlimited number of access points across multiple locations without worrying about the hardware limitations. APs can be grouped in many ways including location, building, floor, for easy management and policy configuration

Grow Managed Services With Wi-Fi
WatchGuard is the only company to provide a managed Wi-fi, WIPS ( Wi-Fi Intrusion Prevention System), guest experiences and analytics.
Other vendors such as, Aerohive, Aruba, Cisco Meraki and Ruckus all have managed Wi-Fi but do not include the other features.

Managed WIPS
WatchGuard’s cloud-managed access points have built-in WIPS to help ensure you have the protection you need. By having WIPS activated, it defends your airspace 24/7 from any unauthorised devices that may try to connect, any rogue access points and from malicious attacks, resulting to close to zero false positives. Other vendors have tried and failed to provide this, WatchGuard on the other hand, has succeeded tremendously.

Managed guest experiences and analytics 
These features can be enabled by upgrading access points to provide captive portals, location analytics and also managed WIPS.

New Feature Alert! – Threat Detection and Response

Late January of 2017, it was announced that WatchGuard had created a new service for its products that correlates network and end point security events. Threat detection is used to detect, prioritize and enable immediate action against threats.

It also is the first service provided by ANY UTM vendor to provide these kind of capabilities to small to mid businesses and at no additional cost!

Outrigger Laguna Resort, Phuket, Thailand.

Here at Intact, we only recommend products that we trust will benefit you, our customers. We resell only the devices that will help your security and WatchGuard are one of them. With WatchGuard you get an all-round security solution with integrated simplicity at a low cost but without the lack of performance. Their technology can be adopted into organisations big or small and will still provide the best in-class security service.

If you are interested in any WatchGuard products, do not hesitate on contacting us!

Relax. Your security is Intact.

Author: Intact Security

Google


Most Effective Security Defences Against Hackers According To Hackers!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 27 March 2017

What better way of finding the best counter measures against hackers than asking the hackers themselves. Penetration testers spend their day-to-day life breaking into computer systems and attempting to get around obstacles put in place to stop the bad guys. But why ask penetration testers? The only difference between black hat hackers and penetration testers (white hat hackers) is that one of them has a statement of work to do it legally and the other does not. The methodology and tools of attack are the same.

A large group of white hat hackers took part in a survey about the results from their penetration tests to identify the main issues they came across and what measures you should implement to not fall victim to the same attacks. 72% stated that their first plan of attack is social engineering. Employees are often regarded as the weak link in the chain which puts them at the top of the list for attack. Most hackers involved mentioned that more needed done about security awareness in the workplace as tricking an employee was an easy way to exploit their target. Having security-educated staff can often be one of the key security defences on preventing company information from going into the wrong hands.

88% of penetration tests done by the surveyed white hat hackers took less than 12 hours to compromise the target. After the initial breach, 81% of testers took under 12 hours to find and steal critical data from the target’s network. 33% stated that they were never detected during the entire assessment. From these results it is easy to see that a lot more still needs done on securing businesses and monitoring of traffic to detect and prevent real attackers in their systems. Another comment made by several penetration testers was that it does not matter what size of organisation they were targeting, the chance of exploitation and compromise was the same.

66% of tests resulted in finding exploitable software related vulnerabilities and network configuration issues that could be used to gain unauthorized access were found in 66% of businesses systems. These exist due to software suppliers caring more for ease of deployment and usability, misconfiguration of network devices and bad patching practices. From these two vulnerability types, over 80% of penetration tests are successful in compromising the target business. These can be easily protected against by implementing good patch management, network segmentation, regular scanning and assessments.

After a full penetration test, the work is not over. Remediation is a key stage after the results are acquired, however from this survey only 10% of clients remediated all vulnerabilities and retested the environment. 5% of businesses only wanted to obtain the ‘check in the box’ to achieve compliance and did not act on the results of the assessment at all. 75% only focused on critical and high vulnerabilities. Although remediating major vulnerabilities is obviously a good start, flaws rated as low or medium does not mean that an attacker use them to their advantage. Individually the chance of exploitation from these may be low but by using several of these vulnerabilities together, an attacker can still sometimes craft a successful exploit.

From the results of the survey, it was revealed that the most challenging layer to bypass in a company’s security model was intrusion detection and prevention systems. However, all controls designed to stop hackers, with enough time and effort, can be bypassed. It all boils down to defence in depth rather than depending on a single measure of security. If one layer fails, it is not game over. With the right educated people and technology combination, the chance of compromise can be minimal.

Not all risk can be removed. Although, most hackers target low hanging fruit and try to find the path of least resistance. If a hacker’s attempt into your systems is making no progress, their patience may run thin and a lot of the time they will move on to another target. For example, if one computer is patched, running up to date security software and has a strong password and another computer has not been patched for a while, has no security software in place and has a weak password, then an attacker will go for the second machine. It is all about being ahead of the game and not being an easy target.

Contact us for advice or with any questions about your security. Intact Security are here to help.

Relax. Your security is Intact.

Author: Intact Security

Google


Intact’s Impact At ACSC Conference 2017!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 20 March 2017

What an exciting few days the Intact Security team had at the Australian Cyber Security Centre conference and we like to think that we stood out! With our bright lab coats and decorated spine, we wanted to highlight the importance of checking your security posture and to identify where your weak points may lie.

It was great to be able to promote our services, create awareness and meet such great people! Cyber security awareness is growing, unfortunately mainly due to news coverage of major global cyber attacks. But during the conference, it was evident of the passion everyone has to make everybody safer in our increasingly connected world.

Brilliant talks were given by multiple speakers on attack prevention and how it is possible for everyone to achieve a better level of identification and improvement of risk. It was also addressed in several talks that the Cyber Growth Network has got off to a great start and is continually being built to provide a successful cyber security industry in Australia.

A big thanks to everyone who had a ‘crack’ at our ‘Top Gear Lock-Pick Challenge’. However, a massive congratulations is in order to our six worthy winners who each received one of our beautiful champagne hampers, including our first place winner over the two days who successfully picked the lock in 1.5 seconds! Who knew that was even possible!? Do not worry, he is one of the good guys!

We would like to thank everyone who attended and approached the Intact team during ACSC conference. We hope you had some fun and that in the future we will be able to support you in your security needs. Always remember that no problem is too big or too small, Intact Security are here and happy to help.

Relax. Your security is Intact.

Author: Intact Security

Google


Top 5 Social Engineering Scams That Employees Fall For!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 13 March 2017

After countless employee security awareness programs, presentations, videos, posters and weekly newsletters, are there still successful social engineering scams running riot in your company?

Last year 30% of phishing emails were opened and 12% of employees clicked and downloaded the malicious attachment. In 2015, only 23% of emails were opened. Does that mean that employees are getting worse at identifying phishing scams? No.

Attackers are becoming evermore creative in how to attract users and sadly, in the end, outsmarting your employees. They prey on people’s curiosity, courtesy, gullibility, greed, thoughtlessness, shyness and apathy; dubbed the seven deadly social engineering sins.

Below are the top social engineering scams that employees are falling for at the moment. So lets make everyone aware to stop this from ruining 2017 for your business.

1. FREE STUFF
Offering something for free be it food, devices, concert tickets, it is guaranteed to awaken the greed inside us. Some people will click on just about anything for free pizza. If the email is suggesting free software, it may already be free. Check out the vendors’ websites instead. In general, do not succumb to emails giving away anything for free.

2. Social Media Cramming At Work
Social media has aided hackers in spreading scams into businesses as many employees use their work machine or network to view their Facebook feed or send a daily tweet via Twitter. Messages from friends that contain malicious links is a popular way for an attacker to try to gain your trust. So don’t click anything you are not expecting. Verify with your friend that it is from them so you don’t fall into this trap. For businesses, it is also a new area to introduce in security awareness training. Although, many companies are not aware of the dangers themselves and it is estimated that 76% of businesses allow their employees to use social media on their work machine.

3. Work-Related Email Scams
Official looking emails from hackers can sometimes be one of the reasons employees’ thoughtlessness clicking results in the installation of dangerous malware. Popular email subjects that trick users are “Invoice Attached”, “Urgent Password Change Request” and “Here’s that file you need”. Spying that email subject, it seems important and something you may have requested from a colleague, and within seconds, malware is installed. Another thing to be on the look out for, is if the file you are downloading asks to “Enable macros”; this can lead to a system takeover. If in doubt about a received email, hover over the sender’s email to see if it is legitimate or not.

4. Fake LinkedIn Accounts
The company executive has added you on LinkedIn, and you are excited but nervous about why or what they are going to ask. You add them and he asks you company specific questions and you both begin discussing private information that should not be spoke of outside the company walls. Turns out, the person you are actually divulging all this sensitive information to is not the executive but actually an impostor, a hacker disguising as the executive to accumulate as much of the company’s secrets as possible. It has recently been a popular way used by attackers for information gathering. Always verify colleagues and higher management LinkedIn accounts by email.

5. Missed Voicemails
This is a rather crafty creative idea which is very hard for users to distinguish as a scam. Hackers hide malware in email messages modified to appear like a missed voicemail. The same with other phishing schemes, if the user clicks and downloads the attachment (voicemail) then the malware will be installed.

Relax. Your security is Intact.

Author: Intact Security

Google


The Countdown Is On For The ACSC Conference!

Posted on by Martin Quinn in Security Blog Leave a comment

 

 

By Samantha Woollard (Internet Security Specialist) 6 March 2017

The Australian Cyber Security Centre (ACSC) Conference is back and the Intact team are ready to go!

This is the conference’s third year and is one of the main security conferences held in 2017; so be sure to attend! The conference starts on the 14th March 2017 and finishes on the 16th, at the National Convention Centre in Canberra.

Senior cyber security experts from all over Australia and beyond will be taking to the stage to discuss brand new and emerging threats, vulnerabilities and mitigation techniques and also hot topics within the world of cyber security. Appearances will be made by a Cyber Security Advisor from Cisco, the Manager of Cybercrime Operations from Australian Federal Police, a senior specialist from the National Cyber Centre of Finland, to name a few. The full program of the events and speakers during the conference can be seen here.

Within the exhibition hall, many security experts and businesses will be present to provide the opportunity to sculpt new partnerships to ensure the security of your company. You will be able to find the Intact Security team at booth 68. While you are visiting us, why not try your luck at picking a lock against the clock to win a luxury hamper!

Who can go?
CEOs, CIOs, CISOs, CTOs, IT Managers, ITSAs, ITSPs, IRAP Assessors, Researchers, Risk managers, anyone that is interested in cyber security or connected to the internet.

With so many cyber attacks in 2016, 2017 is the year we fight back! Why not come meet the Intact team at our booth and see what we have to offer. The countdown is on! Don’t miss out, register now!

Relax. Your security is Intact.

Author: Intact Security

Google


BEWARE: Small Businesses Become A Growing Target

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 27 February 2017

Small businesses believe that due to their size, they are an unlikely target for cyber attackers. But they could not be more wrong.

Perhaps ten years ago, when the chance of attack was much less than present day, it would be acceptable for businesses to think in that way.  Just because your company does not have a huge revenue does not mean it is obscured to attackers’ sight.  It is because of this reason that hackers have latched on to targeting smaller businesses; they are easier to penetrate due to the lack of security. Around 43% of cyber attacks target small businesses. This number has only been increasing in the past years and will continue to do so if nothing is done to stop it.

I can not emphasise more that the reason for an attack is not solely money. Loss of information and disruption can damage businesses and are also massive reasons for attack. Hackers want to destroy businesses and their reputations no matter if they have 2 employees or 20,000. It is estimated that over half of small businesses have not put any budget towards aiding their security and mitigating risks as they do not think that their business holds any valuable data. Even holding customers billing address, email address and phone numbers are classed as sensitive information and if you have promised your customers that this information will not be shared then it must be protected from theft.

After an attack, small companies can expect to lose an average of $1,150,000 and also expect an additional loss of an average of $1,250,000 due to disruptions within the business.

Do not wait to be hit by an attack to take action, by then the damage could be done. You can not just hope that you will not be a target, as now in 2017, no one is safe from the threats of cyber crime. Fortunately, Intact is here to help. Be prepared.

Relax. Your security is Intact.

Author: Intact Security

Google


You Have Been Breached, Now What?

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 20 February 2017

So you have identified that you are under attack or have already been breached. What should you do now? First of all, breathe. Do not panic. There is a chance it will happen to everyone; it is how severe the attack is that will come into play.

Identify what type of attack it is. There are various types of attacks; such as DDoS attack, malware has been installed, you do not have control of your machine; someone is accessing a port that is not normally accessed, to list a few.

Identify where it is coming from. Is the threat coming from an inside host that has been compromised or from an outside source.

Stop the attack. If a specific machine is slow, you notice phishing attempts within your emails, random programs have been installed, your anti-virus has stopped running or anything else suspicious, report the problem to your security team or equivalent as soon as possible. Henceforth, let them handle everything.

Remember to never turn off any machine until the scenario has been checked out and any evidence existing is gathered, as turning it off may erase some important information needed. Remove the affected machine from the network until the situation is dealt with. You can also place it in sleep mode. This will remove the attacker’s ability to remotely access your machine. It may be worthwhile to look for other compromised machines within the work place as it may be the case that more than one machine has been attacked.

After gathering any evidence needed, back up all files and logs. Remember to take notes about what has happened throughout the day, what you found and the actions you took. Run a couple of anti-virus and anti-malware software to find and remove any malware that may be causing the problem and restart the machine to fully remove the malware. Reboot in safe mode, so that only the minimum amount of programs needed are ran. If the machine is still not functioning properly, do a complete system restore and update the computer.

Call your incident response team as soon as possible, either in-house or external company to initiate the incident response plan you should have in place. The first seven days could be tedious, depending on when the attack happened. You may only notice it in June but in fact the breach could have been in October. Log entries will need to be filtered through to find the source of the attack.

After the source of the attack is found and how the attackers were able to infiltrate into your network is uncovered, steps can then be constructed in order to fix and prevent this from happening again.

Revisit your security plan: Make any changes to your plan that will stop that type of attack from happening again. If your security is not strong enough, add another layer of security and make sure it is implemented properly. It is important to have an incident response plan in place for reacting to a breach within the company.

Other Tips

  • Change all work related passwords.
  • Seek professional help (US! – The Intact Security Team)
  • Ensure your IDS is up to date.
  • Ensure your OS and other software used is patched regularly.

Relax. Your security is Intact.

Author: Intact Security

Google


How To Tell If You Are Under Attack!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 13 February 2017

35% of all cyber attacks are never detected and 54% of attacks go unnoticed for months, even years, leaving the bad guy to continually access your systems to steal more and more information every day. Not sure if you have been breached? Don’t know how to identify an attack within your systems? Below is a list of advice to help discover if your company is under attack.

  • There has been a sudden rise in your network traffic. It could be one of two things; your new blog post is extremely interesting or you are under attack.
  • An escalation of malformed data packets has been sent through your network and a large amount have been caught by your firewall.
  • An increase in failed log in attempts have been logged. An attacker may be trying to brute force into your network or application.
  • After monitoring your network for some time, day-to-day trends appear. However, lately the patterns in your traffic have been inaccurate. You should investigate further into this matter.
  • Alerts have been picked up by your Intrusion Detection System (IDS), but IT have not had the time to examine them all. Ensure that all priority alerts are handled first.
  • There has been unusual activity within accounts including administrative, such as the time they authenticated, actions that were carried out, what information they were accessing/editing.
  • Everything within System32 has a Microsoft signature. If something is running from System32 without the signature then it is malware.

Other behaviour all employees should be aware of:

  • Your work machine has got extremely slow at even completing the simplest of tasks.
  • New programs that you did not install are now present.
  • Your anti-virus has stopped running. To avoid detection, an attacker may disable your anti-virus so they can continue being undetected.
  • Fake emails from co-workers that contain attachments. These attachments could contain malicious software such as ransomware.
  • Random acts happening on your screen that are not in your control; e.g movement of your cursor which is landing correctly and performing actions.
  • Passwords for accounts have been changed.
  • Your web camera light comes on when you are not using it.

Even if your computer is functioning, does not mean that you have not been breached. It is important to report any peculiar signs to your IT team.

In 2017, cyber attacks are becoming as common as breathing. There is no way to completely obliterate the risk of being hacked but if you are smart about your security and vigilant of the pit falls, you will certainly decrease your chance of attack greatly. What do you do if you have been breached? Read next week’s issue to find out.

Still not convinced that you will get breached? Fortinet track real-time threats across the world that our caught by their customers’ FortiGate firewalls. To see the live global threat map, click here!

Relax. Your security is Intact.

Author: Intact Security

Google