
01.03.2022

Common Attack Vectors in the Cloud

Once a threat actor breaches the security of a cloud environment (see our post from last week on Common Cloud Vulnerabilities) it can freely use its resources, allowing it to scale attacks and wipe traces. According to the 2021 IBM Security X-Force Cloud Threat Landscape Report, the most common uses of these resources are:

- To deliver malware (including ransomware)
- To execute command-and-control attacks
- To deploy cryptominers

1. Malware prefers containers

Improperly configured Docker containers prone to compromise are a sought-after destination for many malware types, which shift their targeting from generic Linux systems in favour of Docker containers.

Common Cloud Vulnerabilities

22.02.2022

The increased popularity of cloud services in recent years goes hand in hand with the increased interest of malicious actors in the opportunities that this new sphere of computing technology brings. Among the most common cloud attack vectors used by these rogue actors is cloud vulnerability exploitation. According to the 2021 IBM Security X-Force Cloud Threat Landscape Report, cloud vulnerabilities keep rising and have increased over 150% in the last five years.

Cyber Threats - Detection, Response, Mitigation II

01.02.2022

Mitigations

The following advice can enhance organisations’ cyber resilience against cyber threats.

Preparedness

Establish Reporting Procedures and Ensure Cybersecurity Staff Continuity

Establish your ‘go-to persons’ list for the case of a suspected incident, with clear roles and responsibilities. Ensure staff are aware of the list and know how and when to report an incident. Cybercriminals are known to target organisations on weekends and holidays to take advantage of the potential lack of cybersecurity personnel onsite able to respond to an attack.

Cyber Threats - Detection, Response, Mitigation I

25.01.2022

The number of cyberattacks on businesses is constantly rising. According to surveys conducted by Accenture, there were on average 270 attacks per company in 2021, which is a 31% increase compared with 2020. A heightened state of awareness, the ability to conduct proactive threat hunting and the implementation of mitigating procedures are what will help organisations and businesses improve functional resilience by reducing the risk of compromise or severe business degradation.

Security Operations Centre – part 5

11.01.2022

What is Cyber Threat Intelligence?

According to Gartner, Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. Putting it into less technical language, Cyber Threat Intelligence (CTI) is the data collected, processed, and analysed with a view to comprehending a malicious actor’s motives, targets, and attack practices.

Security Operations Centre – part 4

04.01.2022

The human factor of SOCs

According to the definition of Security Operations Centre (SOC) we used in part 1 of this series, ‘SOC is a combination of people, processes and technologies (…)’. What does a SOC team look like, what are the roles and responsibilities of its members, and what skill sets are required? A full SOC structure will normally comprise four tiers, with the potential for additional layers as outlined below.

Security Operations Centre – part 3

21.12.2021

The SOC’s main purpose is the identification of and reaction to threats. A SOC needs to be able to see what is going on in the information system it intends to protect. What else you envision your SOC doing will depend on what you would like it to do. For this article, we will present a SOC with a very wide scope of operational functions.

1. Monitoring & analysis

The origin of SOC processes lies in the constant monitoring of the environment through the collection and analysis of data – user activity, firewall behaviour, system events, etc.

Security Operations Centre – part 2

14.12.2021

You can only truly protect what you know you have

1. Asset inventory

You must understand what your assets are in order to understand what you are going to protect. Make sure you have identified all the devices that are on your network as well as what systems, applications, and services have been installed and are running on them. A thorough inventory of assets will contain not only the name of the asset but the asset’s description, criticality, operating system, business owner, technical owner, location and configuration, and vulnerability information.

Security Operations Centre – part 1

06.12.2021

What is a Security Operations Centre (SOC)?

As with many concepts, there isn’t one single definition as to what a Security Operations Centre (SOC) is. According to the SANS Institute, SOC is a combination of people, processes and technologies securing an organization’s information systems through their proactive design and configuration, ongoing monitoring of the system’s state, detection of unintended actions and undesirable system state, and limiting the outcomes of unwanted effects.

Zero Trust Architecture

30.11.2021

For many years the infrastructure security model was based on securing the perimeter of the environment. Defenses were built at the perimeter of the network to prevent malicious actors from getting inside. However, once an attacker broke through the perimeter and was inside the environment, they could move laterally between assets with a good degree of ease. There was a rather good chance their actions would not be questioned by the system.
