Defending Against Cybersecurity threats in 2019

Webroot just released their latest cybersecurity threat report after analyzing data from the first half of 2018, and results show hardware can be just as vulnerable to attacks due to exploitable flaws as the software that runs on it. Meltdown and Spectre were the clear winners, affecting almost every device known to mankind that has a processor. It's hard to fathom these two vulnerabilities existed for two whole decades before being discovered. In many ways, this latest report is no different than other cybersecurity reports, in that it only proves no security defenses are impenetrable. What is changing, is more hardware and software vendors are working together for the greater good. It not just a Kumbaya moment. Vendors are starting to collaborate to build better defenses, provide quicker responses to threats, and truly helping each other to help the public.

In fact, some companies have been using this business model for a while now, and having an amazing impact on the customer experience and satisfaction rating. Take IBM for instance, they have been collaborating, designing and building their QRadar SIEM Security tool to work with just about any system, device, application, database, scanner, cloud service and including competing security vendor products, right out of the box. Many of the vendors even have integrated hooks built into QRadar that allow very granular feature enhancements for the mutual customer. Some great examples of QRadar and vendor working relationships are Carbon Black, Cisco, Palo Alto Networks, Fortinet, Exabeam, ServiceNow, Amazon, Tend Micro, PhishMe, sqrrl, Microsoft, Symantec, Juniper, VMware and many other industry leading technology vendors joining forces to help customers. For a working example, view this QRadar Carbon Black Integration demonstration: https://www.youtube.com/watch?v=dh87-zeDXsg 

According to Webroot, malware and ransomware made up 52% of the threats seen in the first half of 2018, cryptojacking was a close 2^nd, botnets made a respectable 3^rd at 12%, phishing made 4^th with less than 1%, proxy avoidance and anonymizers were in 5^th and the remaining campaigns performed were spyware, adware, spam and key logging campaigns. While Windows 10 is probably the biggest reason for the decline in ransomware attacks, cybercriminals are still making millions using poorly configured RDP connections. But some are moving to easier means to make a quick buck. Cryptomining is also very profitable and growing rapidly. Cybercriminals can use almost any device as host, and most people will never know they are running a bitcoin operation. Personally, I'd rather see a criminal using my systems or devices resources than any of the other options the roulette wheel, even though power consumption is a growing expense for companies.

Although you might be more worried about seeing a pretty good phishing scam landing in your users email boxes (like the below example). The odds of 1 of the 100s or 1000s of employees you have being tricked and clicking on the link is pretty good. That's all it takes.

          From: Microsoft Outlook [mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.]
          Sent: Sunday, August 5, 2018 6:25 PM
          To: Hillary Underhill <This email address is being protected from spambots. You need JavaScript enabled to view it.>
          Subject: Your Microsoft Account Password Has Changed

          Your Password has changed.

          The password for the Microsoft account <This email address is being protected from spambots. You need JavaScript enabled to view it.> was just changed.

          If this was you, you may ignore this notification.

          If this was not you, your account has been compromised. Please follow the below steps:

               1. Reset your password.
               2. Learn how to protect your account and make more secure using Microsoft Help.

          To change your security notification settings, click here.

          Please Do Not Reply

          Microsoft Enterprise Account Team
          Operating and serving you 24/7/365

Obviously educating employees like Hillary on what not to do with emails may have helped, but as you can see, cybercriminals are getting better and better with their deceptions.

Methods used for penetrating corporate networks will continue to evolve, and tactics used to head off security threats will vary from company to company. A lot of companies are working harder and spending more money on resources, while some are finding ways to work smarter, with less resources and having much better results. Companies need to figure out what works, instead of recycling the same failed concepts over and over. Replacing a Security Officer that intends to use the same game plan and plays, is not likely going to change the outcome of a successful SOC. What will change the outcome, are the security defenses chosen for a given purpose. The security defense market is very competitive today, so prices are not typically as much of a factor as in the past.

Get answers to the right questions:

     Does this SIEM support my infrastructure?
     Does it integrate with our existing security tools and defenses?
     Will it enhance our security posture?
     Is it easy to deploy and manage?
     How long will it take to deploy?
     Will it cause too many false positive alerts?
     Will it cause our staff more work?
     Will we need to hire more employees to support it?
     Is it advanced enough to address all our security requirements?
     Will it monitor our Cloud infrastructure?
     Is the vendor advancing its product or maintaining the status quo?
     Will our remote branches be included in the corporate SOC?
     Are our expectations in line with a successful SOC?

You can read the complete Webroot "mid-year" Threat Report, September 2018 here.