Phishing Protections

By: Will Young, Director of Technical Testing, MAD Security | January 10, 2019

Protecting users from phishing attacks requires a defense-in-depth strategy. Users are the last line of defense against phishing attacks and are also, unfortunately, the weakest. Ideally, your other protections ensure that phishing emails never reach your users in the first place. To understand how to protect against phishing emails, let’s walk through a few examples of an attacker sending a malicious email to one of your users and discuss the different steps in the delivery process where we could stop it.

Impersonation Protections

SPF, DKIM, and DMARC records all help weed out phishing emails that attempt to impersonate another organization. When an organization configures these records, they essentially dictate who is allowed to send email on behalf of that organization. Anyone sending an email that attempts to impersonate an organization with these records in place will likely have it rejected by most modern mail servers.

SPF Records

At a basic level, SPF (Sender Policy Framework) records give receiving mail servers a method to verify that incoming email from a domain was sent from a host authorized by that domain’s administrators. SPF records are TXT records configured on an authoritative DNS server for the sending domain.

Let’s suppose that your company’s domain name is “globalcorp.com” and that an attacker attempts to send an email from “[email protected]” to one of your employees using an SMTP server owned by the attacker. When your company’s mail server receives...
4 Common Cybersecurity Threats

By: Alex Shanteau, Senior Security Consultant, MAD Security | January 3, 2019

As the untamed cyber threat landscape evolves in scope, sophistication, and reach, the risks organizations face will continue to increase not only in number but in severity, and attackers are finding new ways to infiltrate your internal and external networks every day. In this blog post, we’ll take a look at some common threats you’re likely to see throughout 2019, and over the next several weeks we will go in depth on prevention and mitigation of these types of attacks.

Sophisticated Phishing Campaigns

Most phishing attacks come in the form of email spam, tricking users out of their credentials, financial, or other sensitive information. Phishing emails have come a long way from the cliché Nigerian Prince scam. Most current phishing emails replicate an email you may think is completely normal and credible, and can come in a number of formats, from a LinkedIn request to a fraudulent invoice. These phishing emails are becoming ever more sophisticated, including the successful usage of multi-factor authentication, the inclusion of homographic domain names, and almost perfect impersonation of legitimate applications. This attack vector exploits the weakest link in the cyber defense chain – people – and can lead to devastating and sometimes catastrophic compromises for companies.

During a recent red team exercise we conducted for an enterprise-sized company, LinkedIn phishing requests were sent to targeted employees who were identified by combing publicly available information on the Internet. These users received an email asking them to join a group associated with their company on LinkedIn. When users clicked on the...
The Marriott Breach: Lessons Learned for the Hotel Industry

By: Alex Shanteau, Senior Security Consultant, MAD Security | December 19, 2018

The massive breach of the reservation system for Marriott’s Starwood subsidiaries is no doubt one of the largest breaches to date and highlights some of the most prevalent security challenges for the hotel industry. As consolidation continues amongst hotel chains to achieve scale across more geographies, the likelihood of these types of breaches will continue to rise. In this post, I’ll analyze what exactly happened and how other hotel chains can avoid such breaches.

On November 30, 2018 Marriott announced that “On September 8, 2018, (Marriott) received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database…Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.” Four years: that’s how long the attackers had been in their network. Technical details about the compromise were not disclosed, but I wonder if they just installed a monitoring tool and, when they turned it on, finally saw the indicators of compromise, or perhaps the attackers had been in the network for that long but hadn’t attempted to access or exfiltrate data.

My next question is, what’s the damage? “contains information on up to approximately 500 million guests” That is a lot of people, even larger than the Equifax breach at 148 million people. So what kind of data did the attacker access? “the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date,...
Hot Button Cybersecurity Issues 2018

By: Cliff Neve, COO & Managing Partner, MAD Security and Ellen McCarthy, Managing Director and Chief Compliance & Risk Officer, VMS, LLC.

This article highlights the criticality of effective cybersecurity programs in light of recent incidents and regulatory scrutiny by such entities as the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the New York State Department of Financial Services (NYDFS), among others.

In a very recent incident, between August 21, 2018 and September 5, 2018, a data breach occurred at British Airways. Cybercriminal hackers were able to gain access to British Airways systems, stealing names, email addresses, and credit card information (including credit card numbers, expiration dates, and card verification codes) relating to approximately 380,000 transactions in which British Airways customers made or changed bookings on the British Airways website.

To combat such cybersecurity incidents, the SEC, FINRA, the NYDFS, and other regulators have undertaken the challenge of evaluating the readiness of regulated entities such as investment advisors, investment companies, broker-dealers, banks, insurance companies, trust companies, and transfer agents to prevent cyberattacks and mitigate cyber risk. The regulators have issued guidelines designed to help transfer agents and other companies guard against attack, mitigate financial and reputational risk, and avoid enforcement action and regulatory fines. For the last several years, the SEC and FINRA have included cybersecurity among their top five examination priorities. Further, the NYDFS enacted 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies, noting specifically:

“Given the seriousness of the issue and the risk to all regulated entities,...