BitDam Blog

Rotem Shemesh
4 minutes & 50 seconds read · March 13, 2020

How To Educate Your Employees So They Won’t Be Fooled By Coronavirus Hacks

With the coronavirus (COVID-19) all over the news, it was only a matter of time before malicious actors exploited the pandemic for their own gain.

Numerous organizations have reported coronavirus-related phishing scams. Various parties have been blamed for spreading everything from disinformation to Emotet malware. Malicious email campaigns have been sent on a huge scale purporting to be from experts such as the World Health Organization, which cynically trick users into clicking links, downloading files or sharing credentials – all of which can have disastrous consequences.

Employees, who are already receiving legitimate coronavirus-related emails from their HR departments, are at higher risk than ever. Working remotely from home compounds the problem even more.

Employees Are Human

Employees are not machines that can be programmed to react consistently. Since they are now more stressed than usual thanks to doomsday headlines, they are more vulnerable to phishing and malware scams that target their pain points and take advantage of their fears.

For example, an email doing the rounds scares users with fake AIDS results, not to mention coronavirus-themed shocks. This climate of uncertainty is exactly what the attackers want to exploit: humans make less-informed – that is to say, worse – decisions when under stress. That’s how otherwise smart, well-educated employees can suddenly find themselves clicking on a coronavirus phishing email – and compromising your network in the process.

Working From Home – Increased Risk

Another factor increasing the impact of coronavirus hacks is the disruption to routine. Flights have been canceled en masse. Thousands have been told not to come into the office, but rather to work from home – including all Google employees in North America.

Not only does this disruption to routine affect decision-making, but it also means that users don’t have access to the security measures they have come to rely on at their offices. For example:

  • Not all companies have a Virtual Private Network (VPN), and even where one is in use it only protects traffic in transit; it does nothing to stop a malicious attachment or link that the user opens
  • Employees might be using their home computer, with no endpoint security and no dedicated email security
  • Employees might have standard security measures in place – such as O365 E3 or Dropbox Enterprise Security – without realizing that these do not protect them from all threats
  • The use of communication platforms such as instant messengers and shared drives is likely to dramatically increase
  • Other conferencing and productivity apps’ usage will spike, such as screen sharing tools, video conferencing platforms and other corporate collaboration tools
  • So much so that Microsoft has offered its premium Teams platform for free over the next six months while Google is making the premium version of its Hangouts Meet workplace video chat tool free until July

The increased reliance on these productivity tools coupled with the lack of security offered by a traditional office setting poses a massive security risk to organizations.

How To Protect Employees

Keeping your employees protected – and by extension your entire network – is no easy task. The best possible protection will leverage a combination of technology, including the latest cyber defense tools, together with awareness and education around coronavirus scams.

Education and Awareness

Educating employees can go a long way towards increasing your organizational security. Now more than ever, it’s critical that you as an employer emphasize the importance of these instructions. While only part of an effective overall solution, the following should be addressed when educating employees:

  • Educate your employees about the coronavirus related scams that are out there, so they’ll be aware and therefore more cautious around any type of corona-related communication
  • If possible, show them real-world examples
  • Educate specifically around how to prevent ransomware attacks
  • Try these templates to help spread your important message without creating confusion (note the Ransomware attack and Phishing templates specifically)
  • Ask them to read coronavirus-related instructions from official websites only
  • Of course, remind employees not to open or download files from an email address they don’t know
  • Have employees be aware of what constitutes a suspicious request, such as any request for account credentials or strange downloads
  • Remind employees of the alert procedures, so that they know how to report any suspicious email or unusual activity to their administrator

Technology and Cyber Security

Education is important, but without an effective cyber security practice behind you, your organization is highly vulnerable to coronavirus – and other – cyber attacks. When choosing a solution, you should ensure that:

  • Protection is effective independent of employee location and office facilities, and all collaboration channels are covered
      • Remember that these channels are going to be used significantly more due to the decentralization of the workplace caused by the coronavirus, and therefore extra care is required here
  • Since 92% of malware is delivered via email, protecting users’ email is critical. Use an attack-agnostic email security solution, ensuring it detects malware pre-delivery
      • Do this for all collaboration channels that are used when working remotely, as an attack is highly likely to come via Google Drive, for example
  • Even if you are working from home, you can check your current corporate email security posture with BitDam Lucky Meter
  • All the tools employees communicate with are protected, including:
      • Email (covering attachments and URLs)
      • Cloud drives (Google Drive, Microsoft OneDrive, Dropbox etc.)
      • Enterprise messaging applications (Teams, Skype, Slack etc.)
      • Additional digital communication tools

Many tools protect certain aspects of employees’ day-to-day computer usage, each with varying degrees of success. This makes implementing a comprehensive security solution covering all malware detection and prevention scenarios an essential priority for organizations of any size.

Your Comprehensive Cyber Security Partner

To ensure your organization is secure, you have to continuously test its security posture. This can be done, even from home, using BitDam Lucky Meter which continuously tests your email security against the latest malware samples from the wild.

Deploy it for free and get a sense of your security posture – especially in these crazy times of coronavirus hysteria.

Liron Barak
3 minutes & 9 seconds read · February 7, 2020

Shocking Study: Our Email Is A Whole Lot Less Secure Than Most People Think

If you were offered a bulletproof vest that protects you from only the second bullet – would you take it? The answer, most likely, is “Absolutely not”!

Yet when it comes to emails, that’s exactly what the vast majority of people sign up for when they trust common email security solutions. Malware, Phishing, Ransomware and by extension Data Breaches are able to breeze through these security solutions – essentially meaning that the vast majority of organizations are leaving their security to chance, hoping they won’t be attacked next.

Finally, and for the first time, it’s confirmed by empirical research. In this groundbreaking study, our latest published findings demonstrate that it’s worse than most people thought: up to 40% of malicious emails get through common security solutions.

Why is this? It’s primarily due to how these common security solutions work.

Why Security Solutions Miss So Much

Dealing with known threats is relatively easy. Most products are built and maintained to handle them. It’s threats that are encountered for the first time, or Unknown Threats, that pose the greatest challenge.

Traditional email security solutions have to first encounter these threats, then analyze them, validate that they are indeed a threat, then classify them and only then can they recognize and stop the threat.

In the meantime, these malicious emails are hitting your inbox and those of coworkers and employees. In fact, we found that the length of time it takes until these threats are actually detected – the Time To Detect, or TTD – is 24-48 hours on average, and often a lot longer. Not very helpful, in fact completely useless when it comes to this vital area of your security.

It gets worse: these threats are now being automated to constantly mutate in order to evade security systems. As soon as the system has learned to defend against one threat, its cousin has already evolved to evade those same checks.

What To Expect In The Study

In the study, you’ll find how common email security systems, such as Microsoft’s Office 365 ATP, G Suite Enterprise and others, have a high miss rate of between 20% and 40% for unknown threats at first encounter.

What’s more, we show how these systems take between 24 and 48 hours to start protecting against the threats they first missed. This Detection Gap means that enterprises are continually unprotected against unknown threats.

Most importantly, we’ll show what you can do to protect yourself.

Key Findings

Some of the key findings over the period of the study include:

Microsoft Office 365

  • Microsoft Office 365’s miss rate is around 23%
  • Average TTD is 48 hours
  • Around 20% of unknown threats take 4 days or more to be detected

Google G Suite Enterprise

  • Google G Suite Enterprise’s miss rate is around 35%
  • Average TTD is around 26 hours
  • Around 10% of unknown threats take 3 days or more to be detected

Following The Study and Staying Protected

Since data-driven threat detection technologies fail to provide protection against unknown threats due to their inherent dependency on data, they must be augmented by a different technological approach in order to provide better email security.

The BitDam solution is built on top of a unique threat-agnostic detection engine. BitDam’s model-driven threat detection technology at the heart of BitDam ATP allows it to reach extremely high detection rates for unknown threats at first encounter.

Its TTD is zero, so full protection power is available at all times.

BitDam is able to correctly identify all the unknown threats missed by the email security products in this study, making BitDam a natural choice for augmenting current email security products and considerably reducing the risk customers face today from their incoming email.

For more data and insights, and to learn about staying protected against Unknown Threats, visit this page and download the full study.

Alex Livshiz
4 minutes & 4 seconds read · January 20, 2020

Trends in Cyberattacks: The Villains of 2019

It seems that no sooner has the world recovered from one cyberattack than another one hits and causes a tremendous amount of damage. One of the main challenges faced by organizations and security professionals is the constantly evolving nature of cyber attacks, as attackers have to keep changing their methods in order to stay effective.
Interestingly, our research shows that many major cyber attacks originate from one of only a handful of “families” – and that understanding the constantly evolving nature of these attacks is a key step in ensuring you stay protected.

Cyber Attack Trends

We pooled the collective knowledge of cyber experts to map global cyber attack trends over time. Using data from Twitter, we mapped the key attack families and counted the instances of each over time. This exposed some fascinating trends and their intersection with major cyber events.

The Villains: Most Prominent Cyber Attacks of 2019

The most prominent cyber attacks of this period were variations of the following:
Emotet

  1. A polymorphic banking trojan. It was first identified in 2014, mostly in Europe, followed by the USA
  2. Originally spread through malicious JavaScript files
  3. Emotet is able to intercept network traffic in order to access bank and financial accounts. When running in a sandboxed environment, Emotet changes its behavior to avoid detection
  4. Today, it spreads to new computers using malspam campaigns, mostly through links and macro-enabled documents
  5. Uses a shortlist of targets for maximum effectiveness
  6. Has more than 30,000 variants

WannaCry 

  1. A ransomware worm that was widely spread in May 2017. It is said to have affected more than 200,000 computers across 150 countries
  2. The damages WannaCry caused are estimated in the hundreds of millions of dollars
  3. It’s estimated that North Korea was behind the attack
  4. Has more than 12,000 variants

Trickbot

  1. A trojan-type malware designed to steal private data
  2. First identified in late 2016
  3. Has more than 2,000 variants

GandCrab 

  1. A form of ransomware that encrypts all files and changes extensions
  2. The GandCrab family consists of numerous variants, including GDCB, KRAB, CRAB virus, GandCrab 2, 3, 4, and 5
  3. As of March 2019, the GandCrab family has spawned 9 distinct variants along with subversions that have reached v5.2

Dridex

  1. Also known as Bugat and Cridex, Dridex is a form of malware that specializes in stealing bank credentials, delivered through malicious macros in Microsoft Word documents
  2. Has more than 20,000 variants

The graphic shows how Emotet and its variants were the dominant cyberattack over this period, with WannaCry trending strongly over parts of the year, along with Trickbot and GandCrab. Dridex’s impact was almost constant throughout the year.

Cause and Effect: Cyber Attack Trends of 2019

What caused certain cyberattacks to trend over 2019? Why did some cyber attacks “come from nowhere”, while others suddenly spiked after lying dormant for long periods of time? Spikes and major changes intersected with the following news pieces and events.

  1. 01/01/19: Emotet campaigns resurge after the holidays
  2. 14/05/19: Microsoft (and later the NSA) warn of a major vulnerability (CVE-2019-0708) that can lead to a WannaCry-like attack and spread quickly
  3. 01/06/19: GandCrab creators shut down operations after making huge profits
  4. 18/07/19: Trickbot begins to be distributed using fake Office 365 websites
  5. 24/09/19: New Emotet variants are seen in the wild

One of the key takeaways here is that these attack families keep evolving and new variants emerge constantly. How can you ensure you will be protected when the next one emerges?

The Continuously Changing Nature of Cyber Attacks

It cannot be emphasized enough: cyber attacks keep changing in order to avoid detection and to stay effective. The kicker? These changes are due to automation used by attackers.

While 5 main “families” of cyber attack are followed in the graphic, each of these has spawned thousands of subsets and variants and is creating more as you’re reading this. Without much work from the attackers’ side, these cyber attacks morph slightly each time, much like viruses “drift” and “shift” in the real world, and so they bypass existing security solutions. These “unknown threats” or “everyday unknowns” are generated all the time, and by the time the security solutions recognize and block them, new unknowns have already been created. This renders them impervious to techniques such as smart signatures and threat hunting.

Timing is also key here. By the time security solutions identify these “everyday unknowns” as threats, organizations are already exposed. This may take hours or even days.

Automation in Cyber Attacks: A Growing Trend

This trend of automation in cyber attacks is expected to continue and even grow in 2020. We’ve published in-depth studies that show how hackers plan their attacks. Automation and in-built evolution are now a permanent part of an advanced attacker’s arsenal.
The traditional security tools currently in use by most enterprises are no longer capable of dealing with this new automated threat.
To check if your current email security protects you from these attacks, use BitDam’s Breach & Attack Simulation tool, available at https://bitdam.com/bas/.

Maor hizkiev
4 minutes & 1 second read · January 20, 2020

How to Avoid Ransomware Attacks

Starting a new year and a new decade, many enterprises find themselves evaluating their enterprise security. The biggest threat the cyber world faces is the constant emergence of new attacks and of slightly altered variants of existing ones. With the number of new variants, and a 77% surge in ransomware attacks in 2019, it is safe to say ransomware attacks are not going to slow down in this new decade.

The Risk of Ransomware

Ransomware attacks can have devastating effects. Here are some examples.

The most tangible damage is the financial loss. The average estimated business cost of a ransomware attack from beginning to end is over $900,000. To make matters worse, enterprises are often forced to pay hefty fees for forensic consultants and lawyers following the attack.

In addition, in most cases ransomware attacks cause some downtime, which affects businesses no matter how big or successful they are. For enterprises, downtime typically equals huge financial losses, considering that 34% of businesses hit with malware take over a week to resume operations. Downtime due to ransomware typically also results in a decrease in consumer trust.

This leads us to the next point, which is reputation damage. When a business is associated with ransomware, the damage to its reputation is great and it takes a long time to recover.

If that’s not enough, many ransomware attacks also involve data loss or damage. A key asset to any business, the effect of data loss or damage can be devastating. With the biggest concern for customers post-attack being the protection of their data, these cyberattacks not only hurt the business, but can equally affect customers.

Avoiding Ransomware Attacks

By now, you are probably convinced that you better avoid being hit by a ransomware attack. Here are a few ideas on how to protect your business from the next ransomware attack:

1.    Educate your Employees

Train your employees to recognize phishing emails and fake websites containing malicious links. Inform them about the risks and educate them on which emails should raise their suspicion. This won’t make you or your employees 100% immune to ransomware but it can reduce the chances of your employees clicking a malicious file or link that will cost your business millions. Educating employees is one piece of the puzzle in keeping ransomware attacks away from your enterprise.

2.    Be Prepared with Backup and Recovery Plans

It’s important to back up your organization’s data. That’s a known fact. And yet, we should stress it here again. No matter what size your organization is, or what industry you are in, backups can save your business when it comes to ransomware attacks. With the exponential amount of data collected and kept by enterprises, data loss can cause the loss of millions of dollars.

It is equally important that at least one copy of the backup is kept offline, or otherwise out of reach of the compromised network: a backup that the ransomware can reach is encrypted along with everything else, and a restore that was never tested can fail exactly when it is needed most.

Unfortunately, the statistics show that 73% of businesses are not ready to respond to a cyberattack. Backups won’t stop ransomware attacks from happening, but they accelerate the recovery and save your business from additional losses.

3.    Add Threat Detection Solutions

Ransomware attacks don’t happen overnight. Attackers first penetrate an organization, and then typically move laterally through the network or lie low while collecting data; in many cases they strike only after a while. Threat detection tools that recognize a threat in its early stages after it has infiltrated the organization, preferably before it reaches the endpoint, can change the game by allowing you to take action before it is too late.

The worrying part is what follows that dwell time: once the attackers decide to strike, encrypting the organization’s files takes only minutes.
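
Endpoint telemetry makes that final, minutes-long phase detectable. As an added example, not taken from the original post or from any BitDam product, the following Python detector reads constructed file-rename events (the log format, process names and paths are assumptions, not a real EDR schema) and alerts when one process changes the extension of many files within a short window, which is the hallmark of the encryption phase; the .KRAB suffix that GandCrab appends is used for the sample:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed telemetry format (assumption, not a real EDR schema):
# <ISO-8601 UTC> pid=<n> proc=<image> op=rename src="<path>" dst="<path>"
EVENT_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) op=rename '
    r'src="(?P<src>[^"]+)" dst="(?P<dst>[^"]+)"$'
)


def parse_event(line):
    """Parse one telemetry line; return None for lines that are not rename events."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def extension(path):
    """Lower-cased final extension of a Windows or POSIX path ('' if there is none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_rename_bursts(lines, window_s=10, threshold=20):
    """Alert once per process that changes >= threshold file extensions within window_s seconds.

    One new extension stamped onto many files (report.docx -> report.docx.KRAB) is the
    signature of the encryption phase; ordinary applications rename one file at a time.
    """
    recent = defaultdict(deque)  # pid -> deque of (timestamp, new extension) in the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        src_ext, dst_ext = extension(ev["src"]), extension(ev["dst"])
        if src_ext == dst_ext:
            continue  # extension unchanged: an ordinary rename, not interesting here
        q = recent[ev["pid"]]
        q.append((ev["ts"], dst_ext))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # slide the window forward; the newest event always stays
        if len(q) >= threshold and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append({
                "pid": ev["pid"],
                "proc": ev["proc"],
                "count": len(q),
                "new_extensions": sorted({e for _, e in q}),
                "at": ev["ts"].isoformat(),
            })
    return alerts


# Constructed sample: Word saving three files normally (temp file renamed into place),
# then an unknown process stamping ".KRAB" onto 25 user documents within seven seconds.
SAMPLE_LOG = [
    "log started",
    '2020-01-20T10:00:00Z pid=4321 proc=WINWORD.EXE op=rename src="C:\\Users\\a\\~WRD0001.tmp" dst="C:\\Users\\a\\report.docx"',
    '2020-01-20T10:00:30Z pid=4321 proc=WINWORD.EXE op=rename src="C:\\Users\\a\\~WRD0002.tmp" dst="C:\\Users\\a\\budget.docx"',
    '2020-01-20T10:01:00Z pid=4321 proc=WINWORD.EXE op=rename src="C:\\Users\\a\\~WRD0003.tmp" dst="C:\\Users\\a\\notes.docx"',
] + [
    f'2020-01-20T10:05:{i // 4:02d}Z pid=9001 proc=svchost.exe op=rename '
    f'src="C:\\Users\\a\\Documents\\file{i:02d}.xlsx" dst="C:\\Users\\a\\Documents\\file{i:02d}.xlsx.KRAB"'
    for i in range(25)
]


def run_sample():
    """Run the detector over the constructed log and return its alerts."""
    return detect_rename_bursts(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The threshold and window are deliberately conservative; tune them against a baseline of the organisation's own telemetry, and treat a single new extension across many files as a stronger signal than a mixed set.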

4.    Deploy an Advanced Email Security Tool

Most enterprises have at least one email security product in place (and sometimes more than one). There is a range of products, solutions and providers with slight differences between them. These tools are effective in blocking most cyberattacks, and usually also some of the ransomware attacks. The real question is: would the email security product that protects my business detect new ransomware variants at first sight? As mentioned before, ransomware variants proliferate quickly, and a detection that arrives minutes after the attack was missed is often already too late. This is what makes such variants so difficult for security solutions to recognize.

It’s important to carefully test these products before you deploy one and keep challenging them with new attacks and attack methods all the time.

How to Know if You’re at Risk

To ensure your organization is secure, you have to continuously test its security posture. Try BitDam’s online Breach and Attack Simulation for email. Sign up for free and get a sense of your security posture and which of the above would bypass your current security and which would be blocked if emailed to you today.

Roy Rashti
3 minutes & 57 seconds read · December 9, 2019

A Year-in-Review: The Top 3 Threats of 2019

Moving into 2020, I wanted to take a look back at some of the must-know threats of 2019, which unfortunately, can pose a threat to each and every one of us. Here are the top ones.

1. Ransomware

One of the most intimidating threats out there is ransomware: malicious software that encrypts any data it can get hold of, preventing access to that data until the ransom is paid. Attackers’ preferred targets for ransomware attacks are SMBs, since these organizations tend to have insufficient defensive mechanisms, leaving them vulnerable to such attacks.

Ryuk

A nasty ransomware which has become very well known since it first appeared in 2018.

It is operated by a Russian-based hacking group called Wizard Spider, also responsible for Trickbot malware. Ryuk is a great example of a multi-stage attack, as many of its installations are done by Trickbot.

It is believed Ryuk is somewhat of an evolved form of Hermes Ransomware due to numerous similarities and characteristics.

Bitpaymer

Usually paired with Dridex/Emotet, Bitpaymer ransomware usually targets mid- to large-size organizations, making its ransom demands relatively high.

Bitpaymer is operated by Indrik Spider, the same e-crime group that operates Dridex.

Earlier this year, DoppelPaymer was forked from Bitpaymer’s code and it appears that both malware were operating in parallel.

Gandcrab

Notorious Gandcrab is one of the most successful RaaS (ransomware-as-a-service).

In 2019, the operators of Gandcrab declared retirement, after claiming to have made over $2B in just a year and a half (for comparison, Dunkin’ Donuts’ gross revenue was $1.3B in 2018, with significantly larger operating costs).

2. Phishing

Generally speaking, phishing is a form of cyber attack that deceives an end user into taking actions, or disclosing information, that they otherwise would not.

These days, not a day goes by without a huge number of phishing attempts. New levels of sophistication, along with technology improvements, brought the field of phishing to a new playing field.

Business Email Compromise (BEC)

Relying heavily on social engineering, the fraudsters impersonate the organization’s executives in order to fool employees into doing things that benefit the attackers, such as wire transfers. Among these phishing methods are CEO fraud, attorney impersonation, data theft, etc.

Watering Hole Attack

The term, borrowed from the realm of animals, refers to a situation where attackers wait stealthily for the victims in a place they know their victims will end up coming to.

Attackers inject their code into a legitimate website’s code while preserving the original look and behavior of the website.

When the victim arrives at the website, the attack will execute.

This could result in leaked SSN, email addresses, passwords or even start a download of the newest version of the attackers’ botnet.

Credential Harvesting / Impersonation

In this plot, the attackers create a fake website with the look and feel of a popular one: PayPal, Bank of America or even the Office 365 login page. A link to the site is usually distributed via email and, if the attack succeeds, the credentials the unsuspecting end user enters are stored and used by the attackers for various purposes.

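Many credential-harvesting links survive a glance because the hostname looks right. As an added example, not part of the original post, this Python check classifies a URL’s host as a lookalike of a protected brand: a brand name used as a subdomain, a brand string embedded in the registered domain, a one- or two-character typosquat, or a punycode (IDN) homoglyph. The brand list, thresholds and sample URLs are constructed assumptions, and the “last two labels” registered-domain rule is a simplification; a production version would use a public-suffix list and the organisation’s own allowlist.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist of protected brands (assumption). microsoftonline.com is included
# deliberately: without it the substring rule below would flag Microsoft's real login host.
BRAND_DOMAINS = ("paypal.com", "bankofamerica.com", "microsoft.com", "microsoftonline.com")

# Punycode form of "paypal" spelled with a Cyrillic а (U+0430) in place of the Latin a.
IDN_SAMPLE_HOST = "p\u0430ypal.com".encode("idna").decode("ascii")


def levenshtein(a, b):
    """Edit distance between two strings, used to catch short typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Naive 'last two labels' registered domain (assumption: no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def to_unicode_host(host):
    """Decode punycode labels so homoglyph hosts are judged on what the user actually sees."""
    if "xn--" not in host:
        return host
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # undecodable label: left as-is, still compared below


def ascii_fold(s):
    """Keep only plain ASCII after compatibility decomposition; confusable letters drop out."""
    return "".join(c for c in unicodedata.normalize("NFKD", s) if ord(c) < 128)


def classify_url(url, max_distance=2):
    """Return {'host', 'suspicious', 'reasons'} for one URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return {"host": host, "suspicious": False, "reasons": ["no host in URL"]}
    reasons = []
    shown = to_unicode_host(host)
    if any(ord(c) > 127 for c in shown):
        reasons.append("host contains non-ASCII (IDN) characters: possible homoglyph")
    folded = ascii_fold(shown)
    labels = folded.split(".")
    reg = registered_domain(folded)
    if reg in BRAND_DOMAINS and not reasons:
        return {"host": host, "suspicious": False,
                "reasons": [f"registered domain {reg} is a protected brand"]}
    for brand in BRAND_DOMAINS:
        if reg == brand:
            continue
        brand_label = brand.split(".")[0]
        if brand_label in labels:
            reasons.append(f"brand label '{brand_label}' used as a subdomain of {reg}")
        elif brand_label in reg:
            reasons.append(f"brand string '{brand_label}' embedded in registered domain {reg}")
        distance = levenshtein(reg, brand)
        if 0 < distance <= max_distance:
            reasons.append(f"{reg} is within {distance} edit(s) of {brand}")
    return {"host": host, "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample URLs: two legitimate, four in the styles described above.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "https://login.microsoftonline.com/",
    "https://paypal.com.account-verify.example/login",
    "http://paypa1.com/",
    "https://secure-paypal-login.com/",
    "https://" + IDN_SAMPLE_HOST + "/",
]


def scan_sample():
    """Classify the sample URLs; returns {url: suspicious}."""
    return {u: classify_url(u)["suspicious"] for u in SAMPLE_URLS}


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, classify_url(u))
```

The substring rule is the noisiest of the four (it would also flag an unrelated domain that happens to contain a brand word), which is why the allowlist check runs first; in a mail gateway this verdict is a reason to rewrite or hold the link, not to block on its own.
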
3. Botnets

One of the most prevalent first-stage attacks.

A botnet is a network of compromised machines, each running a malicious program (a bot) that takes commands from the attacker.

It can be leveraged to mount a massive DDoS attack, leak sensitive information from end users’ computers, or install the next phase of a complex ransomware attack.

Emotet

Undoubtedly a top dog in the botnet landscape. US-CERT states that Emotet is among the most costly and destructive malware. This banking trojan is widely spread and is used as an installer for malware like Dridex or Trickbot.

Trickbot

One of the most successful banking trojans. Often paired with Ryuk, causing destructive damage to organizations, Trickbot is spread massively through email campaigns. Trickbot is modular malware, which means the attackers can adjust it to their needs: drop another malware, run Mimikatz, or leak sensitive information from the victim’s computer.

Dridex

Often used as the infection phase prior to Bitpaymer, and also known as Cridex or Bugat, this malware is usually delivered via malicious VBA macros in Office documents. One of the main things Dridex does is log keystrokes, looking for sensitive banking information in order to steal money from its victims.

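Dridex here, Emotet’s macro-enabled documents and the Dridex entry in the 2019 villains list all arrive the same way: an Office document carrying a VBA project. As an added example, not from the original post or from any product described on this page, the following Python check inspects an attachment statically. It recognises the legacy OLE2 container (which needs a dedicated parser such as oletools to confirm macros) and, for OOXML files, looks for the vbaProject.bin part and its declared content type, flagging a document whose extension (.docx, .xlsx, .pptx) promises no macros. The sample documents are constructed in memory and are not real Word files.

```python
import io
import zipfile
from dataclasses import dataclass, field

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls/.ppt container
MACRO_PARTS = ("word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin")
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_FREE_EXTENSIONS = ("docx", "xlsx", "pptx")  # formats that must not carry VBA


@dataclass
class Verdict:
    has_macros: bool = False
    legacy_ole: bool = False
    findings: list = field(default_factory=list)


def inspect_office_attachment(filename, data):
    """Static look at an Office attachment: does it carry VBA, and does its name admit it?"""
    v = Verdict()
    if data.startswith(OLE_MAGIC):
        v.legacy_ole = True
        v.findings.append("legacy OLE2 container: macros possible, confirm with an OLE parser (e.g. oletools)")
        return v
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        v.findings.append("not an OOXML (zip) container")
        return v
    names = {n.lower() for n in zf.namelist()}
    if any(part in names for part in MACRO_PARTS):
        v.has_macros = True
        v.findings.append("vbaProject.bin part present: document carries VBA macros")
    try:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except KeyError:
        content_types = ""
        v.findings.append("missing [Content_Types].xml: malformed OOXML package")
    if MACRO_CONTENT_TYPE in content_types:
        v.has_macros = True
        v.findings.append("[Content_Types].xml declares a vbaProject part")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if v.has_macros and ext in MACRO_FREE_EXTENSIONS:
        v.findings.append(f"extension .{ext} promises no macros, but macros were found")
    return v


def build_sample_docx(with_macros):
    """Constructed minimal OOXML package for the demo (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = ('<Override PartName="/word/document.xml" ContentType='
                     '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macros:
            overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    + overrides + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # In a real file this part is an OLE2 stream holding the compiled VBA project.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("report.docx", build_sample_docx(False)),
                       ("invoice.docm", build_sample_docx(True)),
                       ("invoice.docx", build_sample_docx(True)),
                       ("old.doc", OLE_MAGIC + b"\x00" * 16)):
        print(name, inspect_office_attachment(name, blob))
```

The extension-mismatch finding is the cheap, high-value check: Office decides how to open a file by its content, not its name, so a macro-bearing package renamed to .docx is a deliberate attempt to slip past a policy that only blocks .docm.
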
The cyberthreat landscape constantly evolves. New types of attacks, and new implementations of existing attacks, keep emerging. With attackers selling ransomware as a service (RaaS), combining their operations into multi-stage attacks and installing stealthy cryptomining malware, bad actors’ creativity never ceases to amaze.

To ensure that your organization is secure, try BitDam online Breach and Attack Simulation. Sign up for free and get a sense of which of the above would bypass your current security and which would be blocked if emailed to you today.

Rotem Shemesh
3 minutes & 38 seconds read · November 11, 2019

Why an Added Email Security Layer is Essential for Advanced Threat Protection on Office 365

The world sent (on average) a staggering 281 billion emails per day in 2018, and is expected to cross the 290 billion mark by the end of 2019. In the thirty years since email reached the general public, it has become our most pervasive and powerful communication channel. No wonder email-borne attacks are the number one way for malware to breach networks.

Unfortunately, the standard malware detection and prevention options in Office 365 are insufficient to protect your company’s intangible assets. Advanced Threat Protection (ATP) is therefore necessary to defend your users, data, and intellectual property from hackers.

3 Reasons Why Added Security is Essential to Protect O365

Every organization with even a single email address is vulnerable to email-borne attacks. The wide popularity of Office 365 makes mastering its vulnerabilities a smart hacker business.

  1. Most security breaches and ransom attacks start with an email; a company falls victim to a ransom attack every 14 seconds. With one in every 61 emails coming into company inboxes carrying a malicious attachment, ransomware is just one threat of many. Once a user opens a malicious attachment or link, the malware starts making its way through your network.
  2. Using a variety of security layers equals greater protection. Multiple defense layers that each address different vulnerabilities are a staple of physical security, and the principle remains the same for email security. As attacks become increasingly sophisticated, detecting, blocking, and containing malware requires a broad, multilayer net.
  3. Email-borne attacks come in many guises, and part of the increased sophistication comes from hackers getting better at targeting users. Inducing users to download malicious attachments works, but that’s old school. Threat actors don’t need to motivate a download to collect valuable data or gain access to your network. Rather, they use emotive language to mislead employees and get them to click links or fill out forms.

Why Office 365 and Other Email Security Tools are Insufficient

Microsoft offers two levels of security. Its standard email protection is called “Exchange Online Protection” (EOP), and like most email security tools, it can only detect known risks. You can use it to block file extensions popular with hackers, and it lets you prohibit auto-forwarding across every email account.

In other words, the basic stuff.

You can level up with Microsoft’s ATP tool kit or use a third-party ATP tool. These would add another layer of security to target advanced malware by detecting and preventing threats from gaining access. These solutions keep up-to-date about new known risks. However, they offer limited protection against unknown threats.

How BitDam Fills the Unknown Threat Gap

BitDam targets both known and unknown attacks. Most ATP tools do a decent job of detecting known threats. But even if every ATP tool detected 100% of known threats, your organization is still vulnerable. Cyber threats continually evolve, making your highest risks those that are yet undetected. While BitDam ATP does better than these other ATP tools in detecting known threats, its most significant power is detecting the unknown threats. Threats that can leave a company without access to its data for a week or more.

According to Symantec’s 2018 Internet Security Threat Report, ransomware variants increased by 46% last year. Traditional malware detection models that can only look for signs of known attacks will miss the attacks based on these variant evolutions. In contrast, BitDam’s ATP is 100% attack-agnostic. It steps in before any file or link even opens. BitDam scans the file or link, assessing whether it contains alien code before it runs. This approach allows BitDam to verify the code’s legitimacy or detect malware before it can launch.

Competitors that can prevent known threats need hours, or even days, to identify an emerging unknown attack since they’ve never seen it before. This long lag time between execution and detection allows unknown attackers to wreak havoc on your devices. In contrast, the BitDam approach stops alien code from even running, which leaves zero lag time. Staying agnostic about what threats may exist prevents tunnel vision. As a result, BitDam ATP can detect new threats at first sight.

Comprehensive, multilayer email security is critical to complete company security. Standard penetration testing software won’t expose how vulnerable your network may be, even if you have installed O365 Advanced Threat Protection. Find out the weaknesses in your current level of protection with our free, easy-to-use Breach and Attack Simulation (BAS) tool. You can get it running in minutes.

The results will surprise you.

Maor hizkiev
4 minutes & 10 seconds read · October 30, 2019

Top 5 BAS Services You Need to Know About

Breach & Attack Simulation (BAS) tools are an emerging category of security products that test a network’s defenses by simulating cyber attacks.

According to Gartner, BAS tools “simulate a broad range of malicious activities (including attacks that would circumvent their current controls), enabling customers to determine the current state of their security posture.”

Crucially, BAS technology provides a company with actionable visibility into its cyber posture while automating and improving its consistency. While BAS tools don’t replace penetration testing, they are often a more cost-effective and expansive solution.

BAS solutions vary widely, especially regarding the degree of customization, the scope of their focus, and the complexity of deployment. But are they really that essential? And why?

BAS Tools Fill The Visibility Gap

The fundamental purpose of BAS tools is to answer the question: How well do your organization’s cyber security measures work in defending your network and assets?

As careful and experienced as your security team may be, security unknowns are sure to exist. In addition, the sheer volume of cyber security applications creates new security challenges; how has a change in one affected the operation of another? How has the addition or removal of a cyber security tool affected your security posture?

BAS tools fill this visibility gap. Ashley Arbuckle, Cisco’s VP Global Security Customer Experience, describes the value of BAS tools, stating they “offer an efficient and consistent way to measure the effectiveness of existing security detection capabilities and operations.” And since BAS tools are automated, they provide cost-effective, continuous cyber attack simulation testing. Whenever your network changes, the BAS tool alerts you to new vulnerabilities.

Our Top 5 BAS Services

In no particular order…

  1. SafeBreach: SafeBreach is one of the earliest BAS providers, which means it offers one of the more mature options in this field. It has patented BAS technology that focuses its simulations on multiple attack vectors. SafeBreach allows for both network and cloud-based simulators. This deployment combination enables it to cover cloud, network, and endpoint security infrastructure. As such, its simulations result in detections across the entire kill-chain.
  2. Cymulate: Cymulate is a fairly new vendor that’s quickly gaining a solid reputation. Its focus is also on running simulations on multiple attack vectors. It provides broad coverage as opposed to digging deep into one attack vector and covers email gateways, web gateways, web application firewalls, endpoint security, full kill-chain APT, lateral movement (network), and data exfiltration (DLP). In addition to identifying security gaps, Cymulate also provides remediation insight and analysis. Simulations can run with or without an agent.
  3. Verodin: Verodin is another early entrant in BAS technology. It integrates with a variety of leading security vendors. Thus, it’s one of the few vendors to support detection testing through integration with other cyber security products like firewalls and data exfiltration. Its central approach is to provide data-based evidence that businesses can use to refine their security position.
  4. XM Cyber: XM Cyber is a specialist in simulating APT attacks. It automates both attack simulations and defense processes in a purple team approach, providing you with a prioritized list of remediation actions. You define your network’s critical assets. XM Cyber’s tool then focuses its APT simulations on compromising those assets and identifying the optimal remediation plan. Once a specific simulation test is complete, you can replay the attack and watch it as it evolves.
  5. AttackIQ: An exciting feature of this BAS tool is its response and remediation exercises used to train cyber security teams. These exercises measure your team’s effectiveness and response time. You can run attack scenarios taken from the company’s library against infrastructure assets you select. You can also download scenarios shared by other customers and customize them. Post-test reports enable you to analyze attacks and responses. Their tool integrates with a variety of endpoint, network, cloud, identity, data, and SIEM security systems.

Which BAS Tool is Best for your Enterprise?

It depends. (Sorry.)

Every enterprise has its own unique requirements and priorities. These vary based on the size of your organization, and the nature and volume of your most critical assets. Ideally, you’ll want a BAS tool that runs accurate simulations in realistic ways.

You may also wish to consider:

    • How does it present its findings? Does it offer prioritization guidance? Does its post-test reporting provide actionable insight?
    • What’s the scope of its simulations? Can it assess all the applications in your security infrastructure, no matter the vendor? Do its attack simulations cover all the elements along the kill-chain?
    • Which attack vectors does it cover? Does it look at your email security posture? Does it examine your network security? Does it cover endpoints?
    • What attack techniques and methods does it use, and can they provide the visibility your enterprise needs?
    • Last, your BAS tool should run without affecting network availability or user experience.

You can dig deeper into BAS tools by reading about how to set up a breach and attack simulation, checking out the differences between BAS and pentesting, and exploring the risks and rewards of BAS technology.

Roy Rashti
2 minutes & 3 seconds read · October 17, 2019

How to Protect Yourself From The Lumin PDF Data Breach?

If you’re reading this, you’ve probably heard about the recent data breach from Lumin PDF, exposing sensitive information of millions. Keep reading to learn more about this breach and what actions you should take to protect yourself.

What’s Lumin PDF?

Lumin PDF is a cloud-based platform to view, edit and share PDF files. Lumin owes a portion of its success to Google, who offers Lumin as a third-party application to open PDF files directly from Google Drive.

What happened?

Last month, a hacker published the details of over 24 million Lumin PDF users.

Unlike other breaches that find their way into the headlines, this one involved no zero-day or sophisticated phishing attack. The hacker who published the database claimed that Lumin stored this information in an online MongoDB database with no password protection, which allowed any basic crawler to access it.

The leaked information contained fields such as name, gender, hashed passwords and Google access tokens – a gold mine for hackers.

What exactly is a hashed password?

A hash function maps a password to a fixed value. Luckily, a well-designed hash function cannot be reversed: it would take an impractical amount of time and compute to recover the original password from its hash.

What are the risks here? And how to protect?

  • The most sensitive data exposed in this breach were the hashed passwords and the access tokens. Although the leaked passwords were not the originals but rather the hashed values of those passwords, the risk is still high. Why? Attackers can use the hashed Lumin password to authenticate to other services where the user uses the same password and the service applies the same hashing algorithm. Whether this works depends on how each application is implemented.

To protect yourself, it is highly recommended to use different passwords for different services. In the case you used your Lumin credentials elsewhere, you should change your password.

  • Lumin claims the leaked Google access tokens have expired. To avoid any uncertainty, you can revoke Lumin’s access to your Google account.
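The password-reuse risk described above hinges on how each service stores passwords. The following added example (written for this page, not code from BitDam or Lumin) hashes one reused password the way two hypothetical services would, once with plain unsalted SHA-256 and once with salted PBKDF2-HMAC-SHA256, and shows that only the unsalted scheme produces a stored value a leak at one service can line up with at the other. The record format and the sample password are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample value: one password a user reuses at two different services.
REUSED_PASSWORD = "correct horse battery staple"


def unsalted_sha256(password: str) -> str:
    """Plain SHA-256 with no salt (the weak scheme). It is deterministic,
    so the same password yields the same digest at every service that uses it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_with_salt(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt (the hardened scheme).
    The stored record format is constructed for this example:
    pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>. The iteration count
    is kept low so the demo runs quickly; production deployments use more."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def leaked_hash_matches_other_service(leaked_record: str, other_record: str) -> bool:
    """The reuse risk described in the post: a leaked stored value is directly
    useful against a second service only when that service stores an identical
    value, which happens when both use the same deterministic, unsalted scheme."""
    return hmac.compare_digest(leaked_record, other_record)


def demo() -> dict:
    """Hash the same reused password as two services would under each scheme
    and report whether a leak at one service lines up with the other."""
    weak_a, weak_b = unsalted_sha256(REUSED_PASSWORD), unsalted_sha256(REUSED_PASSWORD)
    strong_a, strong_b = hash_with_salt(REUSED_PASSWORD), hash_with_salt(REUSED_PASSWORD)
    return {
        "unsalted_reusable": leaked_hash_matches_other_service(weak_a, weak_b),
        "salted_reusable": leaked_hash_matches_other_service(strong_a, strong_b),
        "salted_still_verifies": verify_salted(REUSED_PASSWORD, strong_a)
        and verify_salted(REUSED_PASSWORD, strong_b),
        "wrong_password_rejected": not verify_salted("not the password", strong_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The per-user random salt is what breaks the cross-service link: two services (or two users) storing the same password end up with different records, so a leaked record from one site says nothing directly about the other, while each site can still verify the password it was given.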

 

Keep in mind that most data leaks do not happen as a result of an insecure database, but rather following a successful cyber attack. This typically takes the form of a trojan or a credential-harvesting phishing website, most commonly delivered via email.

To ensure your data is protected, you should constantly test your security posture. There are some great online tools available. One of them, focusing on email breach and attack simulation can be launched here.

Rotem Shemesh
4 minutes & 40 seconds read · September 23, 2019

The Ins and Outs of Securing Your Enterprise OneDrive

OneDrive’s 115 million monthly active users agree: having access to all your work-related assets at any time, from anywhere, is an invaluable productivity boost.

However, with all their benefits, OneDrive and competing platforms are quickly becoming a breeding ground for vulnerabilities and attacks. Businesses tend to mistakenly assume that OneDrive, Box, Google, DropBox, and other enterprise-grade cloud sharing platforms are very safe. And although all those cloud services have top-notch, stringent cybersecurity checks and policies in place, they cannot cover all bases. In other words, their security is not bullet-proof.

The Irresistible Appeal of Cloud-based File-sharing Systems

The ability to work from anywhere, at any time, makes companies more global and connected than ever before. Forty-two percent of organizations believe that providing access to data at any time is the main driver for cloud adoption. To support this claim:

The Pros and Cons of Working from OneDrive

The advantages of using OneDrive in a business environment are pretty well known. To recap:

  • Easy organization: Employees can store any files (including documents, photos, and video) and access them from any device
  • Close collaboration: Multiple people can collaborate in real-time from anywhere in the world, at any given time
  • Synchronization: automatically backed up and synchronized on any device
  • Integration with office tools: OneDrive easily integrates with the entire enterprise technology stack
  • Policy enforcement: Having everything on a single platform enables centralized management and policy enforcement
  • Data governance: Data is stored and managed from a centralized platform
  • Visibility: Storage management is easy, with full visibility into what is going on

Despite the many pros, the ability of enterprises to keep their files safe in a cloud storage platform such as OneDrive is often questioned. According to Cloud Security Alliance, over 50% of IT and security professionals believe cloud storage is the riskiest cloud app category. Most commonly voiced concerns include:

  • External sharing: OneDrive for Business has the built-in functionality of sharing documents, folders, and other content with external users. If sharing with external users is enabled, an organization’s security team loses control over what shared files contain, exposing the enterprise to potential attacks.
  • User error: Cloud sharing platforms remain the number one targeted platform for hackers, and user error in global security settings can easily lead to a breach.
  • Violation of trust: According to Verizon, 28% of security attacks involved individuals with authorized access to company data. Cloud sharing makes insider threats ever more dangerous since the whole point of those platforms is ease of access to enterprise assets and resources.

But there is plenty to be done to make your OneDrive more secure.

How to Secure your OneDrive

Step 1: Cover the Basics

In cybersecurity, the most trivial and “obvious” measures often prove themselves to be the most effective. As a matter of policy, ensure that everyone in your organization:

        1. Creates a unique and robust password.
        2. Enables two-factor authentication (2FA), preferably with a secure factor such as biometrics.
        3. Adds additional security and recovery info to their Microsoft account: users can add password recovery and security information, such as a phone number, an alternate email address, and a security question. That way, if the user’s account ever gets hacked, Microsoft can use the security info to verify their identity and help resolve the issue.

Step 2: Carry out Frequent Breach and Attack Simulations

Breach and attack simulations (BAS) take the saying “if you want to stop a hacker, think like a hacker” to the next level. BAS goes beyond pentesting and threat hunting. By automatically and continuously simulating attacks on an enterprise, IT teams can catch misconfigurations, errors, and security holes that would otherwise be missed.

The new generation of BAS tools make it possible to continuously test your security posture in a fully-automated and systematic way, ensuring that a real hacker doesn’t catch you off guard.

Step 3: Invest in a Content-Centric Cybersecurity Tool

To ensure that anything that is shared through your enterprise’s OneDrive is safe for your users to click, it is imperative to have a security tool built specifically for that purpose.

Most security tools are only capable of catching known exploits and vulnerabilities, and are only able to intercept an attack when it is already well underway. In addition, these tools typically offer a limited ability to guard against Zero Day exploits and unknown threats.

To protect the enterprise in the hyper-connected cloud world, security experts need tools capable of proactively detecting attacks. The approach should be pre-delivery, not post-exploit. Preventing exploits, ransomware, spear-phishing, and Zero Day attacks contained in files and URLs before they reach the end-user is the only way to keep enterprise environments secure.

Stay Safe in the Cloud

The more organizations rely on OneDrive and other cloud sharing platforms, the wider the possible attack surface becomes. As content-borne attack vectors proliferate, organizations need a holistic solution capable of guarding their assets in the cloud against advanced cloud-based threats.

BitDam’s solution was built to detect advanced content-borne attacks and therefore provides remarkably higher protection for cloud-based sharing platforms. Based on an advanced application whitelisting technology, and requiring no configuration, BitDam determines whether a given file or web link is safe to click, regardless of the specific malware it may contain. As such, it does not require security updates, feeds, reputation, or intelligence services in order to detect never-seen-before attacks.

Start a free BitDam trial for OneDrive!

Roy Rashti
4 minutes & 2 seconds read · September 12, 2019

How to Set Up a Breach and Attack Simulation

How easy is it for a threat actor to get into your network? Well, many IT security pros will have to reluctantly admit that they don’t really know how well their security is actually working.

Until recently, enterprise security teams had limited tools for assessing the potential damage of a cyberattack. Even with regular pentesting, vulnerability assessments, security audits, red team testing, and threat hunting, it isn’t always possible to get an ongoing and comprehensive picture of your organization’s overall security posture. That’s why the new generation of security tools, incorporating Breach and Attack Simulation (BAS) technology, were developed.

BAS technology tests a network’s cyber defenses by simulating cyber attacks. It deploys hacker breach methods and tactics in a business context, eliminating guesswork from a network’s cybersecurity defenses. BAS solutions are fully automated and ensure that cybersecurity controls are working as expected by continually monitoring networks and systems.

What are the Advantages of BAS?

Modern enterprise networks are complicated. While manual penetration testing and threat assessments have their place, an automated BAS that looks at your network from the hacker perspective is invaluable in assessing the effectiveness of an organization’s security posture.

By simulating a real attack on a network and deploying threat actor tactics to breach an organization’s defenses, BAS technology continually monitors and tests the robustness of security controls. It doesn’t sleep, rest or stop, unlike other security testing methods and threat assessment techniques that typically rely on manual methods, and are deployed to identify vulnerabilities in a specific timeframe. BAS, on the other hand, continuously highlights critical exposures in a network, ensuring zero time-lapses between testing.

Cyber attack simulation can provide actionable and prioritized remediation to address any identified weaknesses. By having a clear set of priorities, your security team can patch the critical vulnerabilities first, before moving on to lower priority maintenance issues.

Enter BitDam’s Email-Centric Breach and Attack Simulation

What if there was a BAS tool that could help you assess how vulnerable your organization is to email cyberattacks and have a centralized dashboard that helps you gain full visibility into your results? Moreover, what if it was capable of identifying the most sophisticated and camouflaged attacks that bypass most other security solutions?

  • BitDam Breach & Attack Simulation identifies the most sophisticated attacks that are out there, including the ones that might show up next
  • BitDam’s dashboard helps users gain visibility into the Breach & Attack Simulation results within a few minutes of signing in
  • View the current level of email protection, the types of cyberattacks to which you are vulnerable, and the types of threats you are protected from
  • BitDam’s BAS tool is easy and fast to set up; it only needs a single email address to successfully run an attack simulation on an entire organization
  • And the best part? BitDam’s Breach & Attack Simulation is a free tool that offers the most advanced email malware simulation IP across the industry

How to Set Up BitDam’s BAS Tool

BitDam’s BAS tool is easy to set up in just a few simple steps.

      1. Pick an email address that you would like to simulate an attack on.
      2. Configure the forwarding rule in your inbox from the configuration screen.
      3. Hit the ‘Play’ button, and the BAS tool will start working.
      4. The attack simulation tool will send out emails containing malicious attachments from different attack categories and risk levels, including:
      • Sandbox evasion techniques: malware that recognizes it is running inside a sandbox and withholds its malicious code until it is outside the controlled environment.
      • Formula injection: embedding untrusted input in CSV files so that it is executed as a formula when the user opens the file.
      • Obfuscation techniques: obscuring the presence of malware in the system by making binary and textual data unreadable or hard to understand.
      • Process launch: attacks that base their initial malicious execution on launching processes outside the application space.
      5. Once the simulation is complete, you get a short overview of your security posture along with the option to view the dashboard, where you can access a more detailed report.
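Of the attack categories listed above, formula injection is the one a development team can check for directly in its own code. The following added example (written for this page, not code from BitDam) shows both sides of the defense: a scanner that flags CSV cells a spreadsheet would evaluate as formulas, and an export sanitizer that neutralizes them. The trigger-character list reflects how common spreadsheet applications treat a leading `=`, `+`, `-`, `@`, tab or carriage return, the single-quote prefix is the usual way to force a cell to be read as text, and the sample export is constructed, with a deliberately harmless formula.

```python
import csv
import io
from typing import List, Tuple

# Leading characters that make common spreadsheet applications evaluate a CSV
# cell as a formula instead of showing it as text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(cell: str) -> bool:
    """Signed numbers such as -12.5 start with a trigger character but are
    legitimate data; do not treat them as formulas."""
    try:
        float(cell)
        return True
    except ValueError:
        return False


def is_formula_cell(cell: str) -> bool:
    """True when the cell would be interpreted as a formula on open."""
    return cell.startswith(FORMULA_TRIGGERS) and not _is_plain_number(cell)


def find_formula_cells(csv_text: str) -> List[Tuple[int, int, str]]:
    """Detection side: scan CSV text and report (row, column, cell) for every
    formula-like cell, e.g. before accepting an uploaded file."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_cell(cell):
                hits.append((r, c, cell))
    return hits


def neutralize_cell(cell: str) -> str:
    """Mitigation side: prefix a single quote so spreadsheets render the cell
    as literal text. Used when exporting user-supplied data to CSV."""
    return "'" + cell if is_formula_cell(cell) else cell


def sanitize_csv(csv_text: str) -> str:
    """Re-emit the CSV with every formula-like cell neutralized and all fields
    quoted, so separators inside a cell cannot create new fields either."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text)):
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()


# Constructed sample export: a free-text "note" column filled in by users. The
# formula in Bob's row is deliberately harmless; it only shows the pattern.
SAMPLE_EXPORT = """name,department,note
Alice,Finance,Quarterly numbers attached
Bob,Sales,=SUM(A1:A2)
Carol,Ops,-Delayed shipment
Dave,Ops,-12.5
"""

if __name__ == "__main__":
    for row, col, cell in find_formula_cells(SAMPLE_EXPORT):
        print(f"row {row} col {col}: {cell!r}")
    print(sanitize_csv(SAMPLE_EXPORT))
```

Carol's note shows why the scanner is conservative: any text starting with a hyphen is flagged, because a spreadsheet will try to evaluate it, while Dave's negative number is recognized as data and left untouched. Running the scanner over the sanitized output returns no hits, which is the check an export routine should make before handing the file to a user.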

How BitDam’s Email-Centric BAS Tool Can Help

Malware and attack methods are constantly evolving, and it is extremely difficult for security teams to ensure ongoing protection. That’s why having a BAS tool that simulates attacks automatically and evaluates security gaps quickly and continuously, is invaluable.

BitDam changes the way cybersecurity solutions operate. BitDam’s Email-Centric Breach & Attack Simulation lets you assess your vulnerability to email-based cyber attacks. The tool features easy, fast deployment with no need to modify existing processes, policies, or rules, and provides full visibility and actionable information on a centralized, easy-to-read dashboard.

Try it now for free!
