Here you will find some hints, tips, and tools of the trade that I am interested in. Cyber Security is an ever-evolving field, and it’s important to stay on your toes and monitor for upcoming threats.
Recent Threats
Threat Actors Circumventing MFA
Threat actors are getting better at breaching your environment, even if you are utilizing MFA. Business email theft is one of the most prominent attacks on SMBs (small and midsize businesses).
A recent trend behind many email account compromises is the theft of your OAuth token. That is the key handed out by a service when you sign into your account. It’s that handy feature that lets you access your account from your browser without signing in every time.
Threat actors have two main ways to steal this token: malware or sophisticated web servers. You may be sent a legitimate-looking document, run it, and have this token stolen. Or you may be presented with a phony sign-in portal and hand them the token for the service of their choice.
The worst thing about this attack is that it isn’t prevented by MFA methods. Usually you give the threat actors the keys to your kingdom via a fraudulent portal login screen.
It may look identical to the portal you log in to every day, but it is hosted on a malicious web server, known as a Command and Control (C2) server. This server is intended to harvest your credentials. It will log in to your account in real time, passing your login information on to Microsoft, Google, and other popular services. You might even receive a prompt for your Multi-Factor Authentication (MFA), further legitimizing their attack. Once you enter your code or approve the push/phone call, the attacker will have free rein over your account and its data.
By aligning your business with a heightened security posture and user education, you can mitigate and even prevent such attacks.
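To show what watching for a stolen token can look like, here is an added example (not part of the original page and not any vendor's code) that scans sign-in events for two signs of the attack above: an MFA-approved sign-in from a network the user has never used, and a session token showing up from a different address or browser than the one that signed in. The event fields, sample records and known-IP baseline are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs). Field names are assumptions;
# map them to whatever your identity provider's sign-in log exports.
EVENTS = [
    {"time": "2024-05-01T09:00:02Z", "user": "alice@example.com", "session": "s-100",
     "event": "signin_mfa_ok", "ip": "198.51.100.7", "agent": "Edge/124 Windows"},
    {"time": "2024-05-01T09:05:40Z", "user": "alice@example.com", "session": "s-100",
     "event": "token_use", "ip": "198.51.100.7", "agent": "Edge/124 Windows"},
    # bob approves MFA on a look-alike portal; the sign-in really comes from its server
    {"time": "2024-05-01T10:12:09Z", "user": "bob@example.com", "session": "s-200",
     "event": "signin_mfa_ok", "ip": "203.0.113.50", "agent": "Chrome/124 Linux"},
    {"time": "2024-05-01T10:30:55Z", "user": "bob@example.com", "session": "s-200",
     "event": "token_use", "ip": "203.0.113.99", "agent": "python-requests/2.31"},
]

# Assumed per-user baseline of networks seen before (office, home, VPN).
KNOWN_IPS = {
    "alice@example.com": {"198.51.100.7"},
    "bob@example.com": {"192.0.2.10"},
}


def find_suspicious_sessions(events, known_ips):
    """Return {session: [reasons]} for sessions that look like token theft."""
    origin = {}                   # session -> (ip, agent) seen at MFA sign-in
    findings = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        sid, here = ev["session"], (ev["ip"], ev["agent"])
        if ev["event"] == "signin_mfa_ok":
            origin[sid] = here
            # A passed MFA prompt says nothing about where the sign-in came from.
            if ev["ip"] not in known_ips.get(ev["user"], set()):
                findings[sid].append("mfa sign-in from unfamiliar ip " + ev["ip"])
        elif ev["event"] == "token_use":
            if sid not in origin:
                findings[sid].append("token used with no recorded sign-in")
            elif here != origin[sid]:
                findings[sid].append("token replayed from " + ev["ip"])
    return dict(findings)


if __name__ == "__main__":
    for session, reasons in find_suspicious_sessions(EVENTS, KNOWN_IPS).items():
        print(session, "->", "; ".join(reasons))
```

A hit is a reason to revoke the session and reset the account's credentials, since changing the password alone does not invalidate a token that was already issued.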
Security Posture Tips
Phishing Spotlight
We’ve all experienced an obvious phishing email, probably from a wacky email address and laden with broken English. You’ve probably trashed the email without giving it another thought. BUT, threat actors are ramping up.
What if you receive an email from your longtime vendor, informing you that a recent shipment is being delayed? Attached is a PDF or a link to view the details. The sender address, signature, and email headers all check out. They may even have past emails that you’ve sent between each other. Would you click that link?
This is the embarrassing situation that can happen to your customers if your business email is compromised. When you are attacked, it often spreads, often hitting every contact you have in your inbox.
Always stay vigilant, don’t let it happen to you!
Cyber Security Tools
Open Threat Exchange Alien Vault is a thriving community of cyber security professionals. You can see up-to-date status on attacks and even look up public IP addresses to check for related and potentially malicious web activity.
Virus Total is a great asset with a prompt community. You can upload files right into the site, and it will check for valid signatures and behavior to ensure you are not installing a virus. If the file has been seen before and is known to be malicious, DELETE it.
Abuse IPDB has a robust database of IP addresses that were potentially involved in malicious activity. You can report IPs associated with your own breaches, building it up even more.
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. If there’s a newly identified vulnerability, these folks set the rank on its impact.