Carbon Black Threat Research Technical Analysis: Petya / NotPetya Ransomware - Carbon Black - On June 27, public announcements were made about a large-scale campaign of ransomware attacks across Europe. The ransomware impacted notable industries such as Maersk, the world’s largest container shipping company. The initial infection vector appears to be the exploitation of a Ukrainian tax software called MEDoc. The sample also spreads on the internal network via exploitation of the EternalBlue SMB vulnerability, PsExec, WMI, and Admin$ shares.
Press Release: New Research Shows Cybersecurity Battleground Shifting to Linux and Web Servers - Linux malware is on the rise, making up 36 percent of the top malware detected in Q1. The increased presence of Linux/Exploit, Linux/Downloader and Linux/Flooder combined to illustrate attackers’ increased focus on Linux servers and IoT devices. Users should protect IoT products and Linux servers from the internet with layered defenses. - Legacy antivirus (AV) continues to miss new malware – at a higher rate. In fact, AV solutions missed 38 percent of the total threats WatchGuard caught in Q1, compared to 30 percent in Q4 2016. The growing number of new or zero day malware now evading traditional AV highlights the weaknesses of signature-based detection solutions and the need for services that can detect and deter advanced persistent threats. - The cybersecurity battleground is shifting toward web servers. Last quarter, drive-by downloads and browser-based attacks were predominant. In Q1, 82 percent of the top network attacks targeted web servers
Office 365 Security Use Case #1 for a CASB: Managing External Sharing - Users can share files via Office 365 in three ways: 1) by inviting a user by the recipient’s email, 2) by sending a link, or 3) by configuring the sharing policy to make a document publicly available and searchable. Analyzing the sharing permissions of files in the cloud, Skyhigh has found 28.3% of files are shared with email domains associated with business partners. However, another 6.2% are shared with personal email domains (e.g. gmail.com, yahoo.com)
It Only Takes One Compromised Account or Vulnerability to Cause a Data Breach - Even one stolen account can lead to a disaster—ask anyone who’s had their identity stolen. In a corporate setting, it only takes one password, particularly if it belongs to a privileged user, to start an attack sequence that can lead to the capture of thousands or even millions of user accounts and records. With access to just one device, hackers can plant ransomware, keyloggers, botnets, worms, or many other varieties of malicious code.
Opinion: 4 Reasons Why Organizations Cant Just Patch - If the system isn’t under your control, you can’t update it. The issue is widespread, especially among organizations below the security poverty line, but it applies just as much to financial trading terminals and banks as it does to the network run by a centralized higher education system. Voiding the warranty and licensing terms by doing your own patching is not an option for most enterprises, even assuming you know how to do it...Organizational constraints, particularly in the public sector. Taxpayers aren’t going to pay to update hardware and software that are working just fine....“Built to last” directly conflicts with “update early and often.” When you’re paying millions of dollars for an MRI machine and suite, you expect it to last for decades, and indeed it was built for that purpose. The idea of changing it by updating the software on a weekly or monthly basis was unthinkable...Any system with external, highly entangled dependencies will take longer to update — even years, as integration testing, certifications, regulatory alignment in multiple countries, and staged deployment must all be carefully scheduled.
Full Show Notes