Industry 4.0 is bringing technological and innovative advantages to the manufacturing industry. AI, IoT, and RPA, for example, are transforming and streamlining the design, production and distribution of products. But these advancements also bring new challenges for manufacturers. This blog post highlights four of the most prominent ones—based on real experiences from Cato’s manufacturing customers—and…

The post The Top 4 Industry 4.0 Challenges and How SASE Helps Manufacturers Overcome Them appeared first on Cato Networks.

Source: https://www.catonetworks.com/blog/top-industry-challenges-and-how-sase-helps-manufacturers-overcome-them/

Data Loss Prevention (DLP) solutions are essential for safeguarding valuable data. They scan traffic to prevent the transmission of sensitive information such as credit card details and personal identifiable information (PII) such as Social Security Numbers (SSNs). However, traditional DLP solutions are often complex to configure, manage, and operate. Setting up DLP policies typically requires…

The post Stop Data Loss in its Tracks with Cato DLP Enhancements appeared first on Cato Networks.

Source: https://www.catonetworks.com/blog/stop-data-loss-in-its-tracks-with-cato-dlp-enhancements/

CISO is a high-profile position with high expectations – and the impact clock starts ticking day 1. At Cato, we’ve had thousands of conversations with CISOs from companies of all sizes across different industries – learning about what works, what doesn’t, and the strategies that boost proactive, visionary leadership.

The post Start strong: How CISOs make an impact from Day 1 appeared first on Cato Networks.

Source: https://www.catonetworks.com/blog/start-strong-how-cisos-make-an-impact-from-day-1/

In today’s rapidly evolving digital landscape, IT leaders, whether CIOs, CISOs, or VPs of IT, are responsible for driving a range of initiatives that enable business growth and success. Projects like cloud migration, hybrid workforce enablement, and SaaS adoption are now essential. However, these initiatives carry inherent risks that need to be carefully managed, especially…

The post Why IT Leaders Need DEM to Drive Success in the Hybrid Cloud Era appeared first on Cato Networks.

Source: https://www.catonetworks.com/blog/why-it-leaders-need-dem-to-drive-success-in-the-hybrid-cloud-era/

This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in The CTO Club. Sausalito, Calif. – Nov. 14, 2024. With global cybercrime costs projected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures, organizations across industries are feeling the

The post Cybersecurity in Crisis: How to Combat the $10.5 Trillion Cybercrime Surge appeared first on Cybercrime Magazine.

Source: https://cybersecurityventures.com/cybersecurity-in-crisis-how-to-combat-the-10-5-trillion-cybercrime-surge/

This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Cloud Computing Magazine. Sausalito, Calif. – Nov. 13, 2024. Microsoft 365 has become the backbone of critical operations for businesses of all sizes in various industries. According to estimates, approximately 345

The post Microsoft 365: Guide To Backup And Recovery. What’s At Risk. appeared first on Cybercrime Magazine.

Source: https://cybersecurityventures.com/microsoft-365-guide-to-backup-and-recovery-whats-at-risk/

This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in CyberOptik. Sausalito, Calif. – Nov. 12, 2024. The best cybersecurity websites effectively communicate trust, expertise, and cutting-edge technology through their design and functionality, making them essential components of a cybersecurity company’s success,

The post 20 Best Cybersecurity Website Designs appeared first on Cybercrime Magazine.

Source: https://cybersecurityventures.com/20-best-cybersecurity-website-designs/

This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Mitnick Security. Sausalito, Calif. – Nov. 11, 2024. Kevin Mitnick, the world’s most famous hacker, passed away on Jul. 16, 2023, but his namesake Blog is alive and kicking. A recent Mitnick Security post on

The post Ransomware Works And Is Here To Stay appeared first on Cybercrime Magazine.

Source: https://cybersecurityventures.com/ransomware-works-and-is-here-to-stay/

This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in The Motley Fool. Sausalito, Calif. – Nov. 7, 2024. The Motley Fool reports that Tenable (NASDAQ: TENB) generated $227.1 million in revenue during the third quarter of 2024, a 13 percent

The post Cybersecurity Growth Stock to Buy During the Latest Market Sell-Off appeared first on Cybercrime Magazine.

Source: https://cybersecurityventures.com/cybersecurity-growth-stock-to-buy-during-the-latest-market-sell-off/

An office worker received an email that appeared to be from a vendor. It was caught in quarantine, and the user requested its release. It looked innocent enough, so an administrator released it. The user opened the email to review the contents, which included an attached invoice.

That’s where the trouble started: clicking on the attachment launched a website that requested the worker’s username and password, which they dutifully entered. Unfortunately, there was nothing legitimate about the email, which was phishing for just such an opportunity.

But it got worse — the user had unwittingly given the attacker what was needed to go one step further and mount an adversary-in-the-middle (AiTM) attack, the most damaging form of business email compromise, which seeks to gain entry to banking or other financial transactions. These attacks not only grab credentials; they can also snare session tokens and so bypass multifactor authentication (MFA).

AiTM attacks are insidious and can have serious consequences

Several levels of security had failed, and the attackers were now able to infiltrate the network stealthily, impersonate the target and access email conversations and documents in the cloud.

“In a stolen session cookie replay attack, the attacker uses the valid stolen cookie to impersonate the user, circumventing authentication mechanisms of passwords and MFA,” Microsoft notes in its blog on the subject.

“In this campaign, we observed that the attacker signed in with the stolen cookie after a few hours from an IP address based in the United States…. In addition, the attacker generated a new access token, allowing them to persist longer in the environment.”

Once inside, attackers can register new authentication methods that bypass the ones already in place, and they often create an inbox rule that diverts certain mail so that the owner of the mailbox never sees it being sent or received.

Preventing AiTM attacks requires a combination of techniques

To prevent AiTM attacks, Microsoft recommends using security defaults as a baseline set of policies to improve identity security posture. For more granular control, you’ll want to enable conditional access policies; implementing risk-based access policies is particularly helpful.

“Conditional access policies evaluate sign-in requests using additional identity-driven signals like user or group membership, IP location information, and device status, among others, and are enforced for suspicious sign-ins,” according to Microsoft.

“Organizations can protect themselves from attacks that leverage stolen credentials by enabling policies such as compliant devices, trusted IP address requirements, or risk-based policies with proper access control.”

Invest in advanced anti-phishing solutions as a front-line defense, specifically solutions that monitor and scan incoming emails and visited websites. Ensure that you use SmartScreen and other technologies that block malicious websites.

Investigate suspected malicious activity: hunt for sign-in attempts with suspicious characteristics, and enable rule sets that look for unusual activity or more obvious attack processes, such as sign-ins from risky locations, malicious ISPs, unusual user agents, and anonymizer services.

Investigation and clean-up after an AiTM attack

While Microsoft’s AiTM blog discusses what you should do to prevent business email compromise, it’s a bit weak on the specifics of how you should investigate and clean up after the potential attack.

Ensure that your Microsoft 365 log files are offloaded to a security information and event management (SIEM) platform, then review the Entra or Azure sign-in logs, covering both interactive and non-interactive logins, for any location that isn’t “normal.”

Note that if the user is on a cellular connection, it may be difficult to establish what location is normal, and the IP addresses may differ geographically from those you are used to. It may take some time to correlate what the user was doing and what device they were logging on from. Interview the user, correlate the dates, times, and events with what they were doing, and document accordingly.
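One way to turn the sign-in review above (unusual locations, unusual user agents, and the hours-later replay from a different IP that Microsoft describes) into repeatable logic, as an added example that is not part of the CSO article or Microsoft’s guidance: it triages Entra sign-in records once a SIEM has ingested them. The field names mirror the Microsoft Graph signIn resource; the sample events, the per-user country baseline and the suspicious user-agent list are constructed assumptions.

```python
# Added example (not from the CSO article or Microsoft's guidance): triage of
# Entra ID sign-in records after they land in a SIEM. Field names mirror the
# Microsoft Graph signIn resource (userPrincipalName, createdDateTime,
# ipAddress, location.countryOrRegion, userAgent); the events are constructed.
from datetime import datetime, timedelta

# Constructed sample: the user's normal morning sign-in, then a sign-in a few
# hours later from another country with a scripted client, the stolen-cookie
# replay pattern quoted from Microsoft above.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "jdoe@example.com", "createdDateTime": "2024-11-12T08:05:00Z",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "GB"},
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/130.0"},
    {"userPrincipalName": "jdoe@example.com", "createdDateTime": "2024-11-12T11:40:00Z",
     "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "US"},
     "userAgent": "python-requests/2.31"},
]

# Assumed per-user baseline of countries seen in historic sign-ins. Build it
# from weeks of pre-incident logs; a roaming cellular user needs a wider set.
BASELINE_COUNTRIES = {"jdoe@example.com": {"GB"}}

# User-agent fragments that are unusual for an interactive human sign-in.
SUSPICIOUS_UA = ("python-requests", "curl/", "okhttp", "axios")

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def triage_signins(events, baseline, travel_window=timedelta(hours=6)):
    """Return (reason, event) pairs for an analyst to correlate with the user."""
    findings = []
    last_by_user = {}
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        user = ev["userPrincipalName"]
        country = ev["location"]["countryOrRegion"]
        if country not in baseline.get(user, set()):
            findings.append(("country outside baseline", ev))
        if any(frag in ev["userAgent"] for frag in SUSPICIOUS_UA):
            findings.append(("unusual user agent", ev))
        prev = last_by_user.get(user)
        if prev and prev["location"]["countryOrRegion"] != country and \
                parse_ts(ev["createdDateTime"]) - parse_ts(prev["createdDateTime"]) <= travel_window:
            findings.append(("different country within travel window", ev))
        last_by_user[user] = ev
    return findings
```

Every finding is a lead for the interview step above, not a verdict: a user who really did travel or switch to a cellular network will trip the same checks.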

Then download the Unified Audit logs from http://compliance.microsoft.com. From here you can investigate what the attacker did, especially if you have a subscription to the full Microsoft 365 suite that includes OneDrive and Teams.

You’ll want to review activities in Outlook, Teams, SharePoint, OneDrive, Power Automate, and any other corporate assets that the user had access to. Obtain the logs for the compromised user and retain them in your SIEM or another system.
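The Unified Audit Log review above and the mail-diverting inbox rules mentioned earlier can be checked together. This added example (not from the article) flags inbox rules in exported AuditData records that delete, forward, or hide finance-related mail. The record layout follows Exchange admin-audit entries as exported from the Unified Audit Log; the records, the hiding-folder list and the keyword list are constructed assumptions.

```python
# Added example (not from the CSO article): flag mail-diverting inbox rules in
# Unified Audit Log exports. Each line is an AuditData JSON record shaped like an
# Exchange admin-audit entry (Operation, UserId, ClientIP, Name/Value Parameters).
import json
# Constructed sample: a benign filing rule, then a rule that hides finance mail
# by deleting matches and sweeping the rest into a folder nobody reads.
SAMPLE_AUDITDATA = [
    json.dumps({"Operation": "New-InboxRule", "UserId": "jdoe@example.com",
                "ClientIP": "203.0.113.10", "CreationTime": "2024-11-12T08:10:00",
                "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                               {"Name": "FromAddressContainsWords", "Value": "news"},
                               {"Name": "MoveToFolder", "Value": "Reading"}]}),
    json.dumps({"Operation": "New-InboxRule", "UserId": "jdoe@example.com",
                "ClientIP": "198.51.100.7", "CreationTime": "2024-11-12T11:52:00",
                "Parameters": [{"Name": "Name", "Value": "."},
                               {"Name": "SubjectContainsWords", "Value": "invoice;payment;wire"},
                               {"Name": "DeleteMessage", "Value": "True"},
                               {"Name": "MoveToFolder", "Value": "RSS Subscriptions"}]}),
]

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
HIDE_FOLDERS = {"RSS Subscriptions", "RSS Feeds", "Conversation History", "Archive"}
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}

def params_of(record):  # flatten the Name/Value parameter list into a dict
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}

def flag_inbox_rules(auditdata_lines):
    """Return (rule_name, user, client_ip, reasons) for rules that divert or hide mail."""
    hits = []
    for line in auditdata_lines:
        rec = json.loads(line)
        if rec.get("Operation") not in RULE_OPS:
            continue
        p = params_of(rec)
        reasons = []
        if p.get("DeleteMessage") == "True" or p.get("MarkAsRead") == "True":
            reasons.append("deletes or marks mail as read")
        if any(k in p for k in FORWARD_KEYS):
            reasons.append("forwards or redirects mail")
        if p.get("MoveToFolder") in HIDE_FOLDERS:
            reasons.append("moves mail to a rarely viewed folder")
        if FINANCE_WORDS & set(p.get("SubjectContainsWords", "").lower().split(";")):
            reasons.append("matches finance keywords")
        if len(p.get("Name", "").strip()) <= 2:
            reasons.append("near-empty rule name")
        if reasons:
            hits.append((p.get("Name", ""), rec["UserId"], rec["ClientIP"], reasons))
    return hits
```

Compare each hit’s ClientIP with the sign-in review: a rule created from the same address as a flagged sign-in is strong evidence that the rule is the attacker’s, not the user’s.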

Determine the depth and severity of the attack

Depending on the impact of the attack, start the cleanup process. Begin by forcing a password change on the user account and revoking all tokens, so that the attacker’s stolen credentials and session tokens no longer work.

If the consequences of the attack were severe, consider disabling the user’s primary account and setting up a new temporary account as you investigate the extent of the intrusion. You may even consider quarantining the user’s devices and potentially taking forensic-level backups of workstations if you are unsure of the original source of the intrusion so you can best investigate.

Next, review all app registrations, changes to service principals, enterprise apps, and anything else the user may have changed or affected since the intrusion was noted. You’ll want to do a deep investigation into the mailbox’s access and permissions. Mandiant has a PowerShell-based script that can assist you in investigating the impact of the intrusion.

“This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity,” Mandiant notes. “Some indicators are ‘high-fidelity’ indicators of compromise, while other artifacts are so-called ‘dual-use’ artifacts.”

“Dual-use artifacts may be related to threat actor activity, but also may be related to legitimate functionality. Analysis and verification will be required for these.”

Mandiant does caution that the tool “will not Identify a compromise 100% of the time, or tell you if an artifact is legitimate admin activity or threat actor activity.”

OneDrive users should get an additional layer of scrutiny

If the user is accessing Microsoft’s OneDrive, check the file dates of files in the cloud storage to see whether anything has been tampered with or affected by malware. Check Power Automate and Power Apps to determine whether post-exploitation or custom command and control has been set up for the user in question.

Next, ensure that the impact on the user’s single sign-on has been limited, reviewing it at http://myapps.microsoft.com. Then, as with the user’s devices noted above, verify that all registered or joined devices for the user are legitimate in http://admin.microsoft.com and http://entra.microsoft.com.

It’s strongly recommended that you implement the Center for Internet Security (CIS) settings appropriate to the license you have. Some of these recommended settings cannot be applied with the cheapest Microsoft 365 license and require a Microsoft 365 Business Premium subscription at a minimum.

Source: https://www.csoonline.com/article/3604557/how-to-defend-microsoft-networks-from-adversary-in-the-middle-attacks.html