NetWorks Group Blog

A Primer to Endpoint Threat Detection & Response

Posted by NetWorks Group on Jul 11, 2017 1:18:00 PM

As global cybercrime continues to develop new methods to penetrate system defenses, the tactics used in response to threats have been forced to adapt as well. The result has been a move from simple antivirus protection to complete endpoint protection using sophisticated integrations of endpoint malware protection, threat detection and response algorithms, and, in some cases, managed security services. Endpoint threat detection has been identified by Gartner research as one of the top tools for fighting cybercrime.

Topics: Managed Detection & Response, Information Security, Threat Management

Protecting Your Business' Healthcare Data

Posted by Jyothish Varma on Jun 8, 2017 3:20:00 PM

Key findings from the Verizon DBIR report for the Healthcare Industry

As an information security professional, it can be difficult to know where to concentrate your efforts. Some threats are overly hyped, while others slide in under the radar.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Management, Healthcare

Cybersecurity Skill Shortage in Critical Infrastructure Industries

Posted by Jyothish Varma on May 18, 2017 1:48:00 PM

Essential Infrastructure in Peril 

Critical infrastructure industries are a required foundation for a functional society. Without these sectors, vital services and products are unavailable. Health care, finance and manufacturing are three examples of markets that fall under this designation. The huge shortage of personnel with cybersecurity skills puts this essential infrastructure in peril. The demand for these experts is higher than the supply, making it difficult for organizations to appropriately protect themselves from cybercriminals. In the United States, only 66.7 percent of employer demand is met. It's even worse in other countries, with Israel only filling 28.4 percent of demand. 

Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Device Management, Information Security, Vulnerability Management, Threat Management

Why Full-Scope Penetration Testing Matters // Your Castle has No Walls.

Posted by Aaron Pohl on Apr 19, 2017 10:20:00 AM

We often hear from prospective clients that they have a third party perform external penetration testing every year, and it never finds anything serious, so if the attackers can’t get in from the outside, why bother testing anything else? At first, the logic seems sound. Using a castle as an analogy for the network: you’ve built a castle with really strong walls, and if nothing can breach the walls, then the squishy villagers, the rulers, and the royal jewels inside are safe and secure. This thinking follows the traditional ’90s style of network architecture, where the only route into the corporate network was through the border firewall, through the modem – the one hardline into the office.

Topics: Ethical Hacking, Information Security, Vulnerability Management, Penetration Testing, Threat Management

Don’t Abuse Scope to Hide the Skeletons in your Network.

Posted by Aaron Pohl on Apr 10, 2017 3:25:00 PM

It happens all the time. A new penetration test work order comes into my inbox, and the customer is asking us to test only a handful of external IP addresses. A quick WHOIS request shows me that the customer owns an entire class C of public IP space, and that they didn’t even include their public webserver in the scope. In an ideal world, I’d get in touch with our Project Manager. We’d get in touch with the customer and talk about the scope; the customer would say it was a simple mistake and give us a full list of IP addresses they control.

Topics: Ethical Hacking, Information Security, Penetration Testing, Threat Management

Your Passwords Are Bad (and there’s probably no fool-proof solution.)

Posted by Aaron Pohl on Aug 3, 2016 11:21:00 AM

Adobe, MySpace, LinkedIn, and many other large organizations have had major password breaches in the last few years: breaches where attackers have exfiltrated usernames, email addresses, passwords, and in some cases, plaintext password hints and other data from the company’s database. The initial response is always, "Log into that service, and change your password before the hackers get in and take over that account!" The sad truth is that it’s rarely that account that matters – it’s the accounts with other services where you (or your users) used the same password and email address as on the compromised account.

Topics: Ethical Hacking, Information Security, Vulnerability Management, Penetration Testing, Threat Management

VENOM - Xen, KVM, and QEMU Virtualization - High Vulnerability Advisory

Posted by NetWorks Group on May 13, 2015 10:24:00 AM

VENOM (Virtualized Environment Neglected Operations Manipulation)

If you are currently utilizing Xen, KVM, or QEMU virtualization products, you need to apply patches. VMware and Microsoft Hyper-V virtualization products are not affected.

Topics: Threat Hunting, Vulnerability Management, Threat Management, Threat Advisory

Vulnerability Management - A Call to Arms

Posted by Aaron Pohl on Jan 13, 2015 11:09:00 AM

I had a completely different article typed up; however, after catching up on my morning news and seeing a huge amount of controversy regarding Coordinated Vulnerability Disclosure (CVD) from Microsoft, I decided to reach out to the NetWorks Group Community and help our customers (past, current, and prospective) understand what that means to them.

Topics: Managed Detection & Response, Ethical Hacking, Vulnerability Management, Threat Management

NetWorks Group is Hiring: Come Join Our Team!

Posted by NetWorks Group on May 6, 2013 9:17:00 AM

If you're a fan of delicious restaurants, awesome concert venues, Big 10 sports, or just a bike-friendly city, then you should probably be working with us in beautiful downtown Ann Arbor, Michigan. The team at NetWorks Group works at the corner of Main and Huron, a central point among blocks of great places to shop, eat, and relax. Located a short distance from the University of Michigan, NetWorks Group benefits from the feeling of both a college town and an active business hub for southeastern Michigan. For a vibrant mixture of cultures, architecture, and activities, Ann Arbor is hard to beat!

Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Device Management, Information Security, Threat Hunting, Vulnerability Management, Security Architecture Review, Compliance, Penetration Testing, Incident Response, Threat Management

Configuration Backups for Enterprise Business Continuity

Posted by NetWorks Group on Apr 29, 2013 11:09:00 AM

Does your organization have backups? How about backups that are outside the confines of your primary data center? According to research (The Acronis Global Disaster Recovery Index: 2012) looking at data from 6,000 IT respondents, "Almost a quarter (23%) of all businesses still don’t have an offsite backup strategy in place today." An off-site backup can be much more than just an added protection for availability; it is also a point of integrity for changes occurring within your enterprise. Consider what would happen if an attacker were able to breach your network and then alter a crucial configuration file. Without an off-site backup, they could potentially edit the existing backups to hide their malicious change and you'd never be the wiser. Much in the same way that log backups sent off-site have added integrity, configuration backups also benefit from this technique.

Topics: Device Management, Threat Management
