This week, the world gathered to talk cybersecurity at the 2016 RSA Conference. During the conference, Mario Vuksan, CEO of Reversing Labs, presented on the threats of greatest consequence heading into 2016.
As the attack surface exponentially increases, it’s becoming more and more difficult to protect your organization from attacks. From ransomware to spearphishing, mobile malware and the Internet of Things, it’s never been more critical to have full visibility into your organization.
So, the question becomes: How can your organization remediate risk?
Though ransomware has been around for years, there has been a recent increase in its use by cybercriminals, according to the FBI. These offenders know the value of an organization’s data, and once they hold it hostage, it is hard for the victim not to pay the ransom. The FBI estimates the scam rakes in $150 million per year.
Recently, the world took notice of the LA hospital that paid $17,000 in bitcoins to recover their information. LogRhythm CISO and Vice President of LogRhythm Labs, James Carder, notes that once a cybercriminal holds your data hostage, you have little choice but to pay the ransom.
Mitigating this type of attack is really about two things: 1) early detection with a capable anti-malware solution and 2) a robust backup plan to minimize the business impact when a machine is infected. LogRhythm can help quickly identify a spreading infection and ensure that backup solutions are working as intended.
More and more, we are seeing mobile devices and mobile operating systems fall victim to malicious apps.
Just recently, the Nokia Threat Intelligence Lab released findings showing that smartphones account for 60% of the malware activity in the mobile space, ahead of Windows-based computers and laptops.
The report also revealed an increase in iOS-based malware, such as the malware delivered through XcodeGhost, as well as sophisticated Android threats.
Although consumers are ripe for the picking with mobile malware attacks, organizations should be concerned with the rise of mobile attacks, given the prominence of bring your own device (BYOD) programs.
If your organization has a BYOD program, it is imperative to connect your mobile device management (MDM) software to a SIEM such as LogRhythm. This makes it possible to set and monitor app-install and jailbreak policies, to quickly isolate infected devices, and to use the MDM as an additional source of user data supporting user behavior analytics.
As mentioned in earlier posts on this blog, social engineering and spearphishing attacks are taking the place of the traditional attack methods of writing software to infect and obtain information.
In these attacks, counterfeit business emails are disguised to look authentic in order to initiate fraudulent financial transactions or steal confidential information.
LogRhythm’s NetMon extracts metadata to identify the true origin of this type of email and looks for discrepancies such as a misspelled sender domain.
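The kind of header check described above, written as an added example that is not NetMon code or any LogRhythm product logic: it pulls the sender domains from the From, Reply-To and Return-Path headers of a constructed sample message, flags any domain within one edit of an assumed allow-list of trusted domains (a typosquat), and flags sender headers that disagree with each other.

```python
import re
from email import message_from_string

# Constructed sample spearphish: the From domain swaps "l" for "1" so it reads
# like the real company domain, and Reply-To points at a third domain.
SAMPLE_EMAIL = """\
Return-Path: <ap@examp1e-corp.com>
From: "Accounts Payable" <ap@examp1e-corp.com>
Reply-To: Accounts Payable <ap@example-corp-invoices.net>
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

# Domains the organization legitimately sends from (assumed allow-list).
TRUSTED_DOMAINS = {"example-corp.com", "example-bank.com"}
ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")

def extract_domain(header_value):
    """Lower-cased domain of the first address in a header value, or None."""
    m = ADDR_RE.search(header_value or "")
    return m.group(1).lower() if m else None

def edit_distance(a, b):
    """Levenshtein distance: one edit apart means a likely typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_edits=1):
    """Trusted domain that `domain` imitates, or None if trusted or unrelated."""
    if domain in trusted:
        return None
    return next((t for t in trusted if edit_distance(domain, t) <= max_edits), None)

def check_message(raw):
    """Flag lookalike sender domains and disagreement between sender headers."""
    msg = message_from_string(raw)
    domains = {h: extract_domain(msg.get(h)) for h in ("From", "Reply-To", "Return-Path")}
    findings = [f"{h} domain {d} imitates {lookalike_of(d)}"
                for h, d in domains.items() if d and lookalike_of(d)]
    distinct = {d for d in domains.values() if d}
    if len(distinct) > 1:  # From, Reply-To and Return-Path should normally agree
        findings.append("sender headers disagree: " + ", ".join(sorted(distinct)))
    return findings

for finding in check_message(SAMPLE_EMAIL):
    print("ALERT:", finding)
```

A one-edit threshold keeps false positives low but misses longer lookalikes such as added words or swapped TLDs; in practice the trusted list would come from the organization's own mail domains and those of its regular partners.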
Internet of Things
Today, there are more and more devices on a network, making it harder to control the remediation of vulnerabilities. On any network, there could be 50 Blackberry devices, 200 iOS devices and a variety of embedded network devices such as a smart doorbell.
Just this week, the disclosure of the DROWN attack, which allows attackers to break the encryption and read or steal sensitive communications, put IoT devices running OpenSSL on the network at serious risk.
But how do you patch an SSL device such as a smart doorbell? Devices with these vulnerabilities don’t always have a clear means of remediation.
This is where a full view of your network devices becomes necessary. If you can see that there is a vulnerable device on your network, you can perform the tasks needed to remediate the issue, such as removing it from the network or placing it behind a firewall to make it less accessible.
This is just the first wave of threats emerging in 2016. As time goes on, we’ll see these types of attacks continue to evolve into new types of malware and phishing campaigns. Having full visibility into your organization’s network enables end-to-end threat lifecycle management.