Data is Critical for Proper Information Security Monitoring Researchers rely on data from multiple sources before they announce their findings at a worldwide conference. Doctors rely on data from multiple tests before they make a diagnosis. It’s difficult to get a comprehensive view of any situation without data – and not just one source. Multiple […]
Prioritizing resources and effort to improve the overall security posture and incident readiness of any organization is an arduous but necessary task. No organization has unlimited funds and resources; in fact, the truth is quite the opposite. Fully exploiting threat intelligence can help IT professionals make decisions about best utilizing available resources. With respect to […]
ZeroAccess (also known as Sirefef) is a peer-to-peer (P2P) botnet for perpetrating advertising click-fraud. It was disrupted by law enforcement in December 2013. The Dell SecureWorks Counter Threat Unit™ (CTU) research team observed the botnet reactivate from March 21, 2014 until July 2, 2014. On January 15, 2015 at 7:58 pm EST, the botnet again […]
Score: Fifteen-Love, Keeping Ahead of the Latest Threats By Col. (Ret.) Barry Hensley, Executive Director, Counter Threat Unit Research Group It’s not as if all the money you’ve spent on your recent added security controls has been a waste. However, with highly skilled, relentless adversaries, it’s near impossible to prevent a network breach in today’s […]
During an incident response engagement, Dell SecureWorks Counter Threat Unit™ (CTU) analysts observed lateral movement activities conducted by the adversary to establish a solid foothold within the compromised infrastructure. A remote access trojan (RAT) was copied to and installed on multiple systems as a Windows service, and was then executed via a scheduled task. Each […]
The holiday season isn’t all joy for retail stores. It’s also a time when cyber criminals redouble their efforts to attack sellers. Below are tips for retailers to help prevent network breaches. Make Security Awareness Training an ongoing process for everyone in your company as well as for your third-party vendors. Last year around the […]
Before you click, here are some home safety tips to make your online shopping more secure. You may not be able to protect your credit card information from getting stolen by a cyber threat actor, but you can limit the damage you incur. With the holiday season upon us, we’ve provided some tips below to […]
The motto “be prepared” can easily apply to your organization’s ability to respond to cyber threats. Not only does its response impact brand image, but if not done properly, the impact can be quite costly. In the 2014 Cost of Data Breach Study: Global Analysis, by the Ponemon Institute, the average cost to a company in 2014 was $3.5 million, 15 percent more than what it cost in 2013.
The media has reported that several companies in the past year have suffered significant security breaches, as a result of hackers compromising companies’ third party vendors. Instead of going after large organizations directly, some threat actors are opting to target smaller, third party vendors who do business with the larger companies. The criminals are hoping these third party vendors will have fewer security protections in place. If the hackers are able to break into one of these vendors, get their hands on the credentials the vendor uses to access the larger company’s network and successfully use those credentials, then the criminals have just gained their initial foothold into the target company— all under the guise of a trusted partner. From there, the hackers might go after valuable trade secrets and Intellectual Property, customer credit and debit card data, or Personal Identifiable Information for Employees and Customers (names, addresses, social security numbers, email addresses and phone numbers).
Many high profile security breaches occur when hackers target an organization’s weakest link: its people. Lack of basic information security awareness among employees has resulted in stolen organizational materials, intellectual property, and money.
Hackers don’t need to attack your organization directly – they can access vulnerabilities through partner groups as well because the weakness is the same – a lack of information security awareness among its employees. The impact to an organization’s finances, reputation, and operations cannot be ignored. Targeting the human element is a trend that Dell SecureWorks researchers and incident responders have observed increasing in popularity by hackers world-wide, from sophisticated state-sponsored groups to novice hackers.