cyber security

  • Cyber security is smarter now so there's no excuse

    Deep threat intelligence from the dark Web, in real-time, combined with reputational data, gets the most comprehensive information on the threat landscape

    by Tallen Harmsen, head of IndigoCube Cyber Security.

    Of 10 million e-mails checked in September 2017, Office 365 reportedly missed nearly 1 million spam, phishing and other malicious e-mails. Of that number, the report continues, about 34 000 were phishing mails, which was not too surprising; what was a little surprising, and even concerning, was that around 2 500 of the mails contained malware that was already well documented. The security researcher quoted notes that 2 500 is a very small part of the total, around 0,4%, but that it is the most dangerous part and should have been easily netted using simple threat signatures.

    And who is to blame for the 10% of spam, phishing and malware mails that sneaked through? Microsoft or the customer? Both should actually shoulder at least partial responsibility. Users apparently misconfigured their systems and their policies were poor. But Microsoft is said to rely on reputation-based filtering whose database lags today's surge of distributed attacks, in which malware, phishing, spam and botnets are associated with fresh IPs.

    Microsoft's solution is particularly reliant on reputation-based filtering. That means its knowledge is only as good as the database. Today's distributed attacks typically involve many fresh IPs, so the database cannot pick them up. Tracking new IPs is extremely difficult and only becomes reliable after an attack, by which point it's too late.

    IP-based filtering is a necessary security layer, but it cannot be the only one. That's why we pair it with deep threat intelligence from the dark Web, in real time, combined with reputational data, to get the most comprehensive, up-to-date information on the threat landscape.

    It's the only way to get a five-fold increase in hash indicators, enriched with intelligence from the dark Web; on-demand lookup of five billion files for real-time intelligence; and context for over 10 million hashes historically observed, enhanced with additional intelligence.

    The result is that cyber threat prevention benefits from real-time intelligence enrichment.
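    As an added illustration of the layering argument above (this is not code from IndigoCube or Microsoft), the following Python sketch runs a constructed batch of mails through sender-IP reputation alone and then through reputation plus attachment-hash indicators; the case reputation alone misses is a long-documented sample arriving from a fresh IP.

```python
"""Mail triage with two independent layers: sender-IP reputation and attachment
hash indicators. Added example, not IndigoCube's or Microsoft's code; the
reputation list, hash list and messages below are all constructed."""
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed reputation database of sender IPs already known to be bad.
# It lags reality: an IP first used in a new campaign is not in it yet.
BAD_SENDER_IPS = {"203.0.113.7", "198.51.100.21"}

# Constructed "well documented" malware: an old sample whose SHA-256 has long
# been published, so a simple signature lookup is enough to catch it.
OLD_SAMPLE = b"MZ...constructed-old-malware-sample..."
KNOWN_MALWARE_SHA256 = {hashlib.sha256(OLD_SAMPLE).hexdigest()}

@dataclass
class Mail:
    sender_ip: str
    attachment: Optional[bytes] = None  # raw attachment bytes, if any

def ip_reputation_verdict(mail: Mail) -> str:
    """Layer 1: reputation only. A fresh IP comes back 'allow'."""
    return "block" if mail.sender_ip in BAD_SENDER_IPS else "allow"

def hash_indicator_verdict(mail: Mail) -> str:
    """Layer 2: hash the attachment and look it up in the indicator set."""
    if mail.attachment is None:
        return "allow"
    digest = hashlib.sha256(mail.attachment).hexdigest()
    return "block" if digest in KNOWN_MALWARE_SHA256 else "allow"

def layered_verdict(mail: Mail) -> str:
    """Either layer firing is enough to block; each is independent evidence."""
    if ip_reputation_verdict(mail) == "block":
        return "block"
    return hash_indicator_verdict(mail)

def missed_by_reputation_only(mails) -> int:
    """Count mails the layered check blocks that reputation alone let through."""
    return sum(1 for m in mails
               if ip_reputation_verdict(m) == "allow" and layered_verdict(m) == "block")

# Constructed batch: known-bad IP; fresh IP carrying the old sample; clean mail.
SAMPLE_BATCH = [
    Mail("203.0.113.7"),
    Mail("192.0.2.55", attachment=OLD_SAMPLE),
    Mail("192.0.2.56", attachment=b"quarterly report, constructed"),
]
```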

    Had Microsoft used this approach, it would have had updated information on new IP addresses associated with distributed attacks. But its traditional reputational approach simply can't cope in our modern world of evolved cyber attacks, and it's an approach that keeps you a step behind the hackers.

    It pays to at least keep pace with the baddies. Missing a million spam, phishing, and malware mails isn't quite keeping pace. Microsoft has undoubtedly remedied the situation. Shouldn't you?

    This article was first published by

  • How your rubbish IOT security can pivot to bolster your total network

    IOT security is becoming more urgent.

    By Tallen Harmsen, head of IndigoCube Cyber Security.

    In October 2017, warnings cropped up of a brewing Internet of things (IOT) botnet being built for an unknown attack at some time in the future. More than one million organisations - organisations, not devices - have been affected by the attack that is building this new botnet.

    It highlights the fact that our modern threat landscape is changing and evolving to accommodate our new technologies. IOT devices - cameras, sensors, monitors, wearables - are connected, and because of that they're valuable to hackers. Considering the sheer volume of IOT devices, it's not surprising that hackers have automated the process of hacking them. Botnets are being used to create even bigger botnets.

    Hackers initially exploited a complete failure to even attempt to secure IOT devices. Administrators usually failed to even put passwords on the devices. Could we really blame them? Their creators never originally designed them to connect to the Internet, so many of them don't even have a password feature. But the world has changed, says Tallen Harmsen, head of Cyber Security at IndigoCube.

    Today's hackers accept that the password situation is changing, so common IOT hacks now exploit vulnerabilities in the device code. Again, the original code that makes these IOT devices function wasn't designed with the Internet and a rampant hacking problem in mind, so it's not the most secure. Normally that means we have to crowbar some extra code into the devices to secure them. It's not a pretty solution, but it can work, as long as the device operating system will accept the code and the device has the memory and processing capacity to run it, which it sometimes doesn't.

    When you run into that problem, you typically have one of two options: a) chuck the device and get a new one that's more secure or can run the secure software; or b) don't do anything and hope for the best. Neither of those is a pretty option. The first can quickly become prohibitively expensive and the second could well be worse than ramming your own car straight into a brick wall. Either way, there's going to be an awkward silence when someone finds out.

    Your options, then, are to spend millions or demonstrate unbridled insanity. Not much of a choice.

    This is why we have come up with a new solution. It not only secures your IOT devices, it actually uses them to make the rest of your network even more secure too.

    You cannot secure what you cannot see, and most organisations simply don't see as much as 20% to 30% of the devices attached to their networks, such as security cameras, smart TVs and media equipment. Those devices have IP addresses and should therefore be included in security efforts.

    Similarly, you cannot secure what you cannot control. You must be able to enforce security policies across all network devices, all the time, even those that appear on and drop off the network at irregular times. Contextualised policies do this better. They are security rules, or policies, that are no longer static; they are dynamic, they can adapt, and they change over time based on environment, location, behaviour and more.

    And finally, security must be layered and must begin acting not at the perimeter of the network, nor on the many devices that attach to and fall off the network, but well beyond these internal and external perimeters. Indicators of compromise (IOC) raise administrator awareness before systems succumb to nefarious hacker bots. That is intelligent use of public data, both in your own environment and beyond it, which is largely ignored today and leaves organisations vulnerable as a result.

    But administrators can't just know an attack is imminent; they must be capable of action. Automated multi-system orchestration is absolutely crucial to disrupting hackers' efforts. Hacker tools are automated, so they operate at the speed of machines. The good guys simply cannot match machines where the meat meets the keyboard. They need modern, automated tools to fight the automated hacker bots at machine speed.

    This intelligent environment of network-wide orchestration effectively means your security solution shares contextual system data to improve its own security. The devices work together to respond automatically, enforcing dynamic, adaptable and contextualised policies to rapidly contain risks and fix compromised endpoints. It's not about saving administrators time and hassle; it's about being faster than the crooks so they can't get a foothold. And it slashes attack windows.
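    To make the three points above concrete (visibility, contextual policy, orchestration), here is an added Python sketch that is not IndigoCube's product code: it compares a constructed asset register against DHCP leases to find the unregistered devices, decides per observed flow based on device role, a constructed indicator list and time of day, and collapses the verdicts into one action per device.

```python
"""Contextual policy over every device actually on the network. Added example,
not IndigoCube's code; register, leases, flows and indicator are constructed."""
from dataclasses import dataclass
from datetime import datetime
# Constructed asset register: what the organisation thinks is attached.
ASSET_REGISTER = {"10.0.0.10": "workstation", "10.0.0.11": "printer"}
# Constructed DHCP leases: what is really attached, keyed by IP, with vendor name.
DHCP_LEASES = {"10.0.0.10": "Dell", "10.0.0.11": "HP",
               "10.0.0.40": "CamCo", "10.0.0.41": "TVCo"}
# Constructed indicator of compromise: a botnet controller address from a feed.
IOC_DESTINATIONS = {"203.0.113.99"}

@dataclass
class Flow:               # one observed connection from an internal device
    src: str
    dst: str
    when: datetime

def flow_at(src, dst, hour):
    """Build a constructed flow observed on 1 Oct 2017 at the given hour."""
    return Flow(src, dst, datetime(2017, 10, 1, hour))

def unmanaged_devices():
    """Devices holding a lease but missing from the register: the unseen share."""
    return sorted(ip for ip in DHCP_LEASES if ip not in ASSET_REGISTER)

def device_role(ip):
    """Role from the register, else a guess from the lease vendor string."""
    if ip in ASSET_REGISTER:
        return ASSET_REGISTER[ip]
    return "iot" if DHCP_LEASES.get(ip) in {"CamCo", "TVCo"} else "unknown"

def contextual_policy(flow):
    """Not a static ACL: the decision depends on role, indicator match and time."""
    if flow.dst in IOC_DESTINATIONS:
        return "quarantine"   # talking to a known controller: contain it now
    role = device_role(flow.src)
    if role == "unknown" or (role == "iot" and not (8 <= flow.when.hour < 18)):
        return "alert"        # unregistered device, or a camera/TV busy at night
    return "allow"

def orchestrate(flows):
    """Machine-speed response: one action per device, the strongest verdict wins."""
    rank = {"allow": 0, "alert": 1, "quarantine": 2}
    actions = {}
    for f in flows:
        verdict = contextual_policy(f)
        if rank[verdict] >= rank[actions.get(f.src, "allow")]:
            actions[f.src] = verdict
    return actions
```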

    Don't get me wrong. This isn't a silver bullet. But it's a giant leap forward.

    This article was first published by