Treating the underlying causes of healthcare’s cyber security symptoms
Chris Morales, our head of security analytics, shares his thoughts on security in healthcare. Through Vectra's own research as well as in the wider industry context, it's understood that the real threat is already in healthcare networks in the form of privileged access misuse; the growth in healthcare IoT devices is overwhelming and dangerous; and a majority of attacks occur due to negligence and a lack of security awareness by insiders.
Hackers target Pfizer exposing sensitive patient information
Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information. Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Cybercriminals Could be Coming After Your Coffee
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity—or even become entry points for attacks against enterprise assets.
These Are the Most Exploited Flaws by Chinese Hackers According to the NSA
The NSA has gathered enough cyber-attack data from Chinese hackers to compile a list of the most exploited flaws. Oliver Tavakoli, our CTO, comments on the breadth of products covered by the list of CVEs.
Malicious SharePoint and OneDrive Links Are a Phishing Scammer’s Dream
Attackers are exploiting the rapid adoption of cloud-based collaboration services such as Microsoft’s SharePoint Online and OneDrive by leveraging them as a social engineering tool to trick users into clicking on malicious links, often for the purpose of wire fraud or supply chain fraud. Oliver Tavakoli, CTO at Vectra, agreed that these kinds of phishing scams tend to be more successful since the email is sourced by an internal party, rather than being from an external party pretending to be internal, and the links to SharePoint or OneDrive files reinforce to the victim that this is an internal communication.
The Covid effect on cybercrime
With people’s health, jobs and finances all under threat, cyber monitors report an increase in e-mails enticing users to click on unsafe links, purportedly offering information on rising local case numbers, advice on safety measures, tips for claiming stimulus cheques, as well as alerts on coronavirus-linked investment opportunities or relief donations. Ammar Enaya, our Regional Director (METNA), talks about how ransomware, privileged access abuse, data loss and poorly configured services that create vulnerabilities are significant risks.
How cyber-attackers use Microsoft 365 tools to steal data
It’s been well documented that 2020 has seen a sharp rise in cyber-attacks, and almost no industry has been spared. Software tools, especially those that facilitate remote collaboration, have seen a surge in user engagement - but even these aren’t immune to the proliferation of cyber-attacks. Microsoft’s Office 365 is no exception, as explained in Vectra's 2020 Spotlight Report on Office 365.
NSA: Chinese Hackers Exploiting 25 Vulnerabilities
The U.S. National Security Agency (NSA) is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent. NSA analysts say China-backed hackers are targeting the U.S. Defense Department as well as America's national security systems and the private defense industry, using vulnerabilities as launching pads into networks, according to the alert.
Dealing With Insider Threats in the Age of COVID
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. Hitesh Sheth, our CEO, discusses how organizations can navigate the distributed workforce landscape when it comes to insider threats, and recommends security postures that anticipate the actual threats themselves by proactively detecting and responding to malicious behaviors that can lead to a data breach or theft.
NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
Trust in Remote Working Tools Declines as Need for Security Increases
As it becomes evident that the WFH model is going to be with us well into 2021 and there is a sense that many companies will not return to a pre-pandemic model of almost everyone working from an office all the time, longer-term and more sustainable investments into how employees connect to applications are being undertaken. Zero-trust and a bias toward cloud-native delivery of applications have become central to that direction.
NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.
How Organizations Can Do Their Part And Be CyberSmart Beyond National Cyber Security Awareness Month
October is Cyber Security Awareness Month, which was created to raise awareness around the importance of cybersecurity and provide organizations with resources to be safer and more secure online. Chris Morales, head of security analytics, shares his thoughts on Microsoft Office 365 security.
How do cyberattackers use Microsoft 365 tools to steal company data?
Microsoft 365 is indeed the platform adopted by many of these users for enterprise data sharing, storage and communication, which makes it a particularly coveted target for cybercriminals.
How do cyber attackers exploit Microsoft 365 to seize company data?
Vectra, a specialist in network "detection and response", publishes an interesting study on the threats targeting Office 365 and its users.
Barnes & Noble gets hacked; notifies customers of possible data breach
Barnes & Noble, the American bookseller, has notified customers of a possible data breach that may have affected their personal information. Tim Wade, our Technical Director on the CTO Team, notes that incident response can be complex and messy, and the Barnes & Noble statement likely reflects that reality.
Barnes & Noble Investigates Hacking Incident
Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers' email addresses as well as billing and shipping addresses and telephone numbers. Tim Wade, our technical director on the CTO team, discusses how attackers are constantly looking to take advantage of any weak point in your security posture just to gain entry to IT infrastructure.
Microsoft Office 365 Accounts a Big Target for Attackers
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity. In new research, Vectra found that attackers are widely using Office 365 accounts to move laterally to other users and accounts within an enterprise, carry out command-and-control communications, and perform other malicious activities.
Vectra highlights how Office 365 tools are used in enterprise cyberattacks
With more than 250 million active users each month, Office 365 is the foundation of enterprise data sharing, storage, and communication for many organizations. This makes it a prime target for cyberattackers, who use Office 365's built-in tools and services to conduct breaches.
Vectra releases its 2020 Spotlight Report on Microsoft Office 365
Vectra's Spotlight Report on Microsoft Office 365 analyzes the usage patterns and behaviors of attackers within Office 365 services and tools. Ideally, when security teams face attacks within their Office 365 environments, they will have solid information and expectations about SaaS platforms to easily pinpoint and mitigate malicious behaviors and privilege abuse.
Cybercriminals are stealing data using Microsoft’s Office 365 tools, Vectra
According to Vectra's Spotlight Report on Microsoft Office 365, cybercriminals can launch far more sophisticated attacks that target legitimate tools and services such as Power Automate (an application which lets users create custom integrations and automated workflows between Office 365 applications), Microsoft eDiscovery (an electronic discovery tool that searches across Office 365 applications/data and exports the results), and OAuth (an open standard for access authentication).
Poor identity controls allow attackers to exploit Office 365
Vectra's Spotlight Report on Microsoft Office 365 showcases how Office 365 is attractive to cybercriminals because it provides a single gateway to infiltrate multiple applications. Matt Walmsley discusses how attackers utilize internal phishing, among other techniques, to perform lateral movement, privilege escalation and reconnaissance behaviors.
Troubled by Security Risks Posed by Avionics Systems, GAO Urges FAA to Boost Oversight
Airplane manufacturers have cybersecurity controls in place and there haven’t been reports of successful cyberattacks on commercial airplane IT systems to date, but evolving cyber threats could put future flight safety at risk if the FAA doesn’t prioritize oversight. Tim Wade, technical director of the CTO Team at Vectra, says it’s encouraging that technology has evolved to the point where previously unconsidered attack vectors are possible and relevant, highlighting that security has become an ongoing – not just a point-in-time – activity.
Cybercriminals are using legitimate Office 365 services to launch attacks
Vectra's new Spotlight Report on Microsoft Office 365 enumerates the leading suspicious behaviors that occur when cyberattackers infiltrate an organization.
The case for behavior-based threat detection
Ammar Enaya, Regional Director – METNA, Vectra, explains how focusing on attacker behavior can improve threat detection. By combining data science, machine learning and behavioral analysis, automated threat management detects malicious behaviors inside the network, regardless of the attacker’s attempt to evade signatures and whether it’s an insider or outsider threat.