Cybersecurity amidst Covid-19

Since the pandemic began, Marriott has suffered a data breach affecting 5.2 million customers, and a ransomware attack forced Honda to shut down global operations. 2020 will be remembered as a year of pandemic: a global health crisis, and a cybersecurity one as well.

Soon after the COVID-19 pandemic was announced, the World Health Organization (WHO) saw a dramatic increase in the number of cyberattacks directed at its staff and in email scams targeting the public at large.

Numerous cyber attacks came to light during this pandemic. Below are a few of them:

  • Marriott released a statement disclosing that the information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property.
  • Twitter Bitcoin scam: Through a social engineering attack, later confirmed by Twitter to be phone phishing, the attackers stole employees’ credentials and gained access to the company’s internal management systems.
  • FireEye and SolarWinds supply chain attack.
  • 500,000 Zoom user accounts were on sale on the dark web.
  • Magellan Health: 8 Magellan Health entities and approximately 365,000 patients were impacted by the attack.
  • Finastra, which provides software solutions to worldwide financial institutions, including 90 of the top 100 banks globally, was the victim of a ransomware attack that disrupted operations and caused it to temporarily disconnect affected servers from the internet.

Now some questions for organizations to answer: is your organization’s network protection strategy as successful as it ought to be in the midst of these wild times? Furthermore, if you are not an employee but rather the owner of a private venture, typically someone with much less sophisticated cybersecurity protection, how reliable is your online security?

The answer could be to accept the ongoing scenario, learn lessons, and get ready for what is coming. Cyber attacks will keep occurring in the future, and the bitter truth is that they will become more sophisticated and critical.

FireEye, in its “Mandiant Security Effectiveness Report”, mentioned that:

53% ATTACKS INFILTRATE UNNOTICED, 68% OF RANSOMWARE ATTACKS UNNOTICED, 91% OF ATTACKS DID NOT GENERATE AN ALERT

 

Organizations, business owners, employees, and individuals need to be aware of data security and privacy. With the surge in a wide range of threats, companies should begin by reviewing the basics. Everyone should learn and understand social engineering attacks, as humans are the weakest link in cyber security, one which has no complete patch. Organizations should conduct cybersecurity training for their employees on a regular basis. At the least, employees should be able to distinguish between malicious and legitimate emails or calls and report them if they seem even a bit suspicious. Proper access controls should be put in place too!

Tags :

covid-19, Cyber attacks, cyber incident, Cybersecurity, data breach, data theft

Redteaming vs Penetration Testing

There are various types of cyber security assessments that can be done to enhance the security of a given subject, but when it comes to redteaming, things get much more intense, sophisticated and serious.

Redteam Operations

While performing these operations, the redteam brings an amalgamation of various aspects of information security to the table. They include Social Engineering, Open Source Intelligence and deep reconnaissance in their arsenal when approaching targets. The reason behind a redteam’s versatility is its team members. Members of a typical redteam have solid and deep knowledge as well as skills in a particular domain of information security, and each of them contributes equally to a redteam operation.

When an organization goes for a redteam operation, the team starts as just a normal user plugged in to their network. The teammates then escalate their privileges and perform lateral movement. The path is not simple, as the team encounters various defense mechanisms deployed by the organization which they have to bypass. Redteams are very advanced in the way they simulate an adversary, and are very careful while performing anything in the target network so that they don’t trigger the defenses or alert the blue teams. The more customized we are, the lower the chances of detection.

Redteam operations make an organization realise how it detects, responds to and prevents a sophisticated attack. This gives them insight into where to focus and what lessons to learn after such operations, which are carried out in a controlled manner by a redteam.

Redteam vs Penetration Testing

Redteamers or redteams are often viewed under a grey shade due to their way of testing and sophistication. Let’s see how it is different from Penetration testing.

  • The operational approach of pentesting is often target-driven. By this we mean that the approach of conventional pentesting is often narrowed down based on the target (web app, mobile app, networks, etc.).
  • In pentesting we often look for vulnerabilities and misconfigurations that can be used for further escalation as part of the pentest.
  • When it comes to redteam operations, the main purpose of a redteam is to stage the attack on a target similar to how an APT (Advanced Persistent Threat) would, and the scope of these operations is much larger than that of pentests.
  • Redteams are often hired by scientific facilities, institutes, corporations and government organizations to perform these operations.

Our Methodology:

  • Before we start an engagement, the first thing is having the right mindset in order to approach the client, which is an adversary’s perspective.
  • We first start by performing reconnaissance, which is indeed the most important phase even in penetration testing. With this we identify as much information about the target as possible, the employees working in the assets, and much more.
  • We then try to find a specific vulnerability which could give us initial access to any of their online assets. This is where there is a very thin line between pentesting and redteaming. This can be used for further escalation. We also go for a series of highly sophisticated social engineering attacks, because the weakest link is the employees working there.
  • After gaining an initial foothold in their network, maybe through a sales or HR person’s system, we then maintain persistence and move laterally in the network, thereby escalating our privileges, so that we get to the most privileged asset, where the most sensitive data is present.

Who should go for a redteam campaign?

  • Redteam operations are not limited to gaining access to sensitive data; they also cover gaining physical access to places on the premises where only authorized persons are allowed. Therefore, any organization that wants its physical security tested along with its present cybersecurity posture can also go for a redteam campaign.
  • Redteam campaigns are not only for IT companies. They can be performed in organizations/companies with mature security implementations already done, and also a completed penetration test, which could give an insight into the existing security posture.
  • Having the right security budget and defined scopes is also very crucial. Generally, redteams have a broader scope.
Tags :

Cybersecurity, pentesting, redteam

SITA Breach: Air India Hack

Breaches are not new! Many companies are potential targets of threat actors, and the same happened with SITA, whose incident included a data breach of many airlines around the globe, including Air India. The massive data leak was caused by a “sophisticated cyberattack” on Air India’s passenger service system provider, SITA (Société Internationale de Télécommunications Aéronautiques). SITA is based out of Geneva, Switzerland.

On March 4, SITA posted a notification on its website about a security incident. In it they confirmed a cyber attack and highlighted that:

SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers.

Air India then released a notification to the passengers, confirming the breach by writing:

This incident affected around 4,500,000 data subjects in the world.

Now the question is: do they really lack in their cyber security assessments? Or is the way they operate their cyber security not up to the mark? What I personally think is that cyber incidents can happen any time. You never know who is targeting you. You need to be proactive! Also, what if you are already hacked and you don’t know? The right assessments are to be performed! Also, in our personal experience, we found enterprises relying only on tools to figure out the right cyber security for them. Remember, a tool with the right security guy is helpful in many situations!

Last thoughts:

I hope we learn lessons from such incidents and iteratively look for a better security posture each time.

Tags :

Cyber attacks, cyber incident, Cybersecurity, data breach, data theft, hacking
