New Technology Implementations for Financial Institutions

By: Alex Shanteau, Security Engineer, MAD Security | March 28, 2019

A never-ending war is being waged between malicious actors and cybersecurity specialists. In order to stand their ground, defenders must constantly develop new and innovative ways to protect their networks. Purchasing a new security solution can often turn the tide of battle in the defender’s favor, but there are many considerations before blindly buying into the latest and greatest technology. One challenge in particular is understanding the amount of resources needed to properly research and implement new technologies or features.

Small and midsize businesses, such as community banks and credit unions, often underestimate the time, effort, and expertise needed to properly implement new technologies. The often-lengthy transition period can actually decrease your organization’s security posture, introducing additional attack vectors and causing compliance issues. For a simple example, think about a firewall upgrade project. For many years this meant, at an extremely simple level, that you block bad traffic and allow good traffic. Now you want to implement the newest next-generation firewall (NGFW) technology, which comes with additional features such as an Intrusion Detection System, Identity Awareness, VPN, and other complementary functions. From a complexity standpoint you have just gone from managing basic rules controlling access to managing multiple complex functions that can introduce vulnerabilities if not fully researched and expertly implemented in your environment. When implemented correctly, these features will of course increase your overall security posture. When we conduct firewall health checks, however, we find that these new features have often been configured improperly. In the case of using an NGFW as a VPN, for example, an incorrectly...
Mobile Security Defenses

By: Jeremy Klinzak, Security Engineer, MAD Security | February 7, 2019

Mobile device security is an important part of securing IT assets for companies today. These devices are some of the most exposed parts of IT infrastructure, as they go everywhere the employee goes. Common threats to mobile devices include malicious applications, malicious advertisements, sideloading, and rogue access points. Fortunately, Mobile Device Management (MDM) solutions exist and serve as a means to simplify the process of securing and managing employee mobile devices. MDM solutions can assist in preventing mobile device compromise and empower organizations to respond to security incidents such as a stolen or infected mobile device. In the sections below I will explain some of the common features of MDMs and the threats they can help mitigate. Before reviewing MDM solutions, let’s first analyze the most common threats to mobile devices and discuss developing a Mobile Device Policy.

Common Methods of Infection

There are three common methods by which malware infects mobile devices: malicious or infected applications, malicious advertisements or phishing, and sideloading. MDMs can assist in preventing all three. Let’s explore each to detail how devices become infected and how MDMs can help protect them.

Malicious or Infected Applications

Sometimes attackers manage to upload malicious applications to the iOS and Google Play stores posing as harmless software. Attackers can also infect previously safe applications. In 2017 attackers hacked the popular application CCleaner’s distribution servers[i]. This allowed attackers to inject malicious code into the application and infect any device that installed CCleaner after...
Ransomware Defenses

By: Scott Busby, Security Engineer, MAD Security | February 1, 2019

The name ransomware comes from a not particularly clever combination of the words “ransom” and “malware”. First seen in 2013, ransomware is an evolving type of malware that attempts to encrypt files on a target system and make them unusable for the victim. The attacker then informs the victim that for a hefty fee (often paid in Bitcoin) they can regain access to their data. Losing access to data can be a showstopper for businesses, and for individuals with important photos or documents it can also be emotionally devastating.

Victims essentially have only three options for getting their data back. The first and most obvious option is to just pay the ransom. Not only is this option costly, but you have no guarantee that the attacker will actually decrypt your data after receiving payment. The second option is to discover the private key that the attacker used to encrypt your data. In most instances this isn’t really an option: there have been some documented cases of attackers hardcoding decryption keys, but for the most part, brute forcing the private key needed to decrypt the data would require nation-state level resources and a long-term commitment. The third and best option (if available) is to simply restore the data from a backup. In this scenario, having a backup could save your company hundreds of thousands of dollars, which reinforces just how critical backing up data is!

Although ransomware attacks have trended downward significantly since their 2013 debut, as much as 16,000 ransomware...
4 Common Cybersecurity Threats

By: Alex Shanteau, Senior Security Consultant, MAD Security | January 3, 2019

As the untamed cyber threat landscape evolves in scope, sophistication, and reach, the risks organizations face will continue to increase not only in number but in severity, and attackers are finding new ways to infiltrate your internal and external networks every day. In this blog post, we’ll take a look at some common threats you’re likely to see throughout 2019, and over the next several weeks we will go in-depth on prevention and mitigation of these types of attacks.

Sophisticated Phishing Campaigns

Most phishing attacks come in the form of email spam, tricking users out of their credentials, financial, or other sensitive information. Phishing emails have come a long way from the cliché Nigerian Prince scam. Most current phishing emails replicate an email you may think is completely normal and credible, and can come in a number of formats, from a LinkedIn request to a fraudulent invoice. These phishing emails are becoming ever more sophisticated, including the successful usage of multi-factor authentication, the inclusion of homographic domain names, and almost perfect impersonation of legitimate applications. This attack vector exploits the weakest link in the cyber defense chain – people – and can lead to devastating and sometimes catastrophic compromises for companies.

During a recent red team exercise we conducted for an enterprise-sized company, LinkedIn phishing requests were sent to targeted employees who were identified by combing publicly available information on the Internet. These users received an email asking them to join a group associated with their company on LinkedIn. When users clicked on the...
How to Build a Winning Cybersecurity Program

By: Cliff Neve, COO, MAD Security

As a consultant I have had the opportunity to evaluate hundreds of organizations’ cybersecurity programs, which span the gamut from nearly non-existent to robust. The successful programs generally have very similar characteristics, which are addressed in an actionable step-by-step manner below.

Step 1: Gain Executive Buy-In and Assign Responsibility

Winning organizations have top-level support from senior leaders who understand the importance of cybersecurity, integrate cybersecurity risks with other business risks, and empower an individual in writing – and in reality – with the authority, responsibility, and resources to manage the cybersecurity program. Every successful cybersecurity program I have seen has a strong champion clearly designated and empowered to lead the program. Unsuccessful programs, on the other hand, typically have fragmented or unclear lines of authority, represented by fiefdoms, resulting in destructive power struggles and ad hoc, chaotic behavior.

Step 2: Conduct a Business Impact Analysis and Establish a Data Classification Guide

The reason for investing in cybersecurity is to enable the organizational mission and protect organizational assets, so it is imperative to begin by documenting business functions and their requirements for system availability and data protection. For instance, an organization may have high-availability requirements for medical systems, 911 call centers, or bridge controllers, where availability trumps confidentiality and integrity. In an HR system, on the other hand, confidentiality might overshadow the need for availability, and thus if there were a potential compromise, it would likely be a better decision to disconnect it from the network rather than risk data exfiltration. By assessing all requirements for information and information systems in a business...