Where to start with Data Loss Protection
DLP, or Data Loss Protection, is a strategy for ensuring that sensitive or critical information does not leave the corporate network, whether an end user leaks it accidentally or a malicious actor exfiltrates it deliberately. A DLP strategy should only be introduced within organizations that already have a mature security infrastructure.
Discussing Cybersecurity in the Boardroom
Cyber warfare is a very real and present danger, with more companies finding themselves on the losing end of the battle. Statistics from security monitoring services show that in a single hour alone, there are about 184,188 recorded cyber security breaches. This should be a wake-up call to key stakeholders, the majority of whom assume that cybersecurity is simply an IT problem and responsibility.
Topics:
Information Security,
Threat Management
If you haven’t heard already, Equifax, one of the “big-three” U.S. credit bureaus, has announced a data breach that may have affected 143 million Americans, including consumer Social Security numbers, birth dates, addresses and some driver’s license numbers. For a good rundown of what has transpired so far, Krebs on Security has a solid in-depth article on it here. Every time there is a breach in the news, most other outlets swarm to a few different types of articles. Some popular directions are attribution, defense advice, or sensationalist journalism.
Topics:
Managed Detection & Response,
Ethical Hacking,
Information Security,
Threat Advisory
Healthcare data theft totaled more than 112 million records in 2015, according to the Office of Civil Rights. Moreover, 42.5 percent of all data breaches have occurred in the healthcare industry in the last three years, and 91 percent of healthcare organizations have reported at least one breach in the last two years. Hackers, unauthorized access from staff, improper disposal, data loss — all of these factors contributed to large-scale data breaches in hospitals and medical facilities across the United States. Now, more IT managers and administrators are investing in cybersecurity to safeguard patient data.
Topics:
Managed Detection & Response,
Information Security,
Vulnerability Management,
Compliance,
Healthcare
Are you in the market exploring options for security log monitoring and management? If so, I’m sure you are inundated with requests for a meeting from various SIEM (Security Information and Event Management) vendors.
Topics:
Security Monitoring,
Managed Detection & Response,
Information Security,
Threat Hunting,
Incident Response,
Threat Management
A few years back I had a lunch meeting with two IT Security veterans. One remarked, “There’s been no Pearl Harbor or 9/11 in cyber security. Nobody has ever died because of hacking.” If there had been, there would have been a “rallying cry” or a massive response.
Topics:
Information Security,
Threat Management,
Threat Advisory,
Healthcare
A comprehensive cyber security framework consists of several components, and one of the most important among them is security log monitoring. Without an effective security log monitoring and management policy in place, a company runs the risk of non-compliance, and perhaps fines, if there is ever a data breach. In order to maintain compliance with guidelines laid out by laws like HIPAA, and frameworks such as PCI, companies need to have an effective security monitoring solution in place that can help them collect and analyze log information so they can detect and respond to cyber attacks.
Topics:
Security Monitoring,
Managed Detection & Response,
Information Security,
Compliance
What is ANGRYPUPPY?
ANGRYPUPPY is a tool for the Cobalt Strike framework (@armitagehacker), designed to automatically parse and execute BloodHound attack paths. ANGRYPUPPY was partly inspired by the GoFetch (https://github.com/GoFetchAD/GoFetch) and DeathStar (https://github.com/byt3bl33d3r/DeathStar) projects, which also automate BloodHound attack path execution. ANGRYPUPPY uses Cobalt Strike’s built-in lateral movement capabilities, and the credential-stealing capabilities of its agent, beacon.
Topics:
Ethical Hacking,
Information Security
The NotPetya ransomware attack of July 2017 (NotPetya is a Petya variant) is similar to the recent WannaCry attack that struck 230,000 computers globally. NotPetya uses the same exploit as WannaCry, EternalBlue, to infect Windows-based computers across the network. All of the files on the victim's computer are encrypted, the master boot record is overwritten, and a message appears that demands $300 in Bitcoin. Unlike other types of ransomware, paying this fee does not restore access to the files, because the malware is designed so that its effects on the computer cannot be undone.
Topics:
Managed Detection & Response,
Information Security,
Threat Management
As global cybercrime continues to develop new methods to penetrate system defenses, the tactics used in response to threats have been forced to adapt as well. The result has been a move from simple antivirus protection to complete endpoint protection using sophisticated integrations of endpoint malware protection, threat detection and response algorithms, and, in some cases, managed security services. Endpoint threat detection has been identified by Gartner research as one of the top tools for fighting cybercrime.
Topics:
Managed Detection & Response,
Information Security,
Threat Management