Search This Blog

Showing posts with label Cyber Threat Intelligence. Show all posts

Business correspondence in messengers and social networks poses a cyber threat to companies

Experts believe that screenshots of work correspondence sent by company employees to third parties may fall into the hands of fraudsters. Such actions lead not only to reputational and financial risks for companies, but also to the risk of cyber threats.

"If the phone numbers of colleagues are visible in the correspondence, attackers can use this information: for example, for hacking, spam, data mining with the help of social engineering", says Alexander Tikhonov, general director of the SAS Russia/CIS IT company.

Kaspersky Lab said that the risks of cyber threats for companies became more relevant after the transition to remote work, since office workers began to use shadow IT more often for business correspondence that was not approved by the company.

"Employees are increasingly using personal gadgets, as well as programs installed on them, for personal use for work purposes," the company explained. Thus, 59% of Russians use personal mail to solve work issues, 55% communicate at work in messengers that are not approved by IT departments, and they admit that with the transition to a remote employment format, they began to do this regularly.

According to AlfaStrakhovanie analytical center, more than 60% of Russians send screenshots of work correspondence in messengers or post them on social networks. Moreover, 43% of respondents said that their company uses one of the standard instant messengers for corporate communication, and 23% responded that their company does not regulate the method of communication at all.

"People tend to think that social networks are not dangerous, that they are surrounded only by friends in the digital space," said Pavel Adylin, executive director of Artezio. He emphasized that the problem can only be solved by gradually improving the level of literacy and digital security of the business.

Russian researchers developed methodology to predict cyber risks

 Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The developed methodology has been tested on the "smart intersection" test bed (a component of smart transport system of smart city).

It should be reminded that St.Petersburg participates in the formation of Smart City program, which will provide new services for the residents of megacities, increasing the safety of citizens. Digital services are an integral part of such system.

Experts explained that cybercriminals have new goals: to disrupt the functioning of large enterprises and urban infrastructure, as well as to intercept control over them. Attackers using wireless channels can remotely penetrate a target subnet or device, intercept traffic, launch DoS attacks and take control of IoT devices to create botnets.

"At present, traditional cyber risk analysis strategies cannot be directly applied to the construction and assessment of smart city digital infrastructures, as the new network infrastructure is heterogeneous and dynamic," said Vasily Krundyshev, a researcher at the Institute of Cybersecurity and Information Protection.

At the same time, he stressed that the purpose of this project is to provide the level of protection of information assets of the smart city taking into account specific features of modern cyber threats.

The methodology of cybersecurity risk analysis of the smart city includes the stages of assets type identification, threat identification, risk calculation and analysis of obtained values. The proposed methodology is based on a quantitative approach. At the same time, according to scientists, it is easily and quickly calculable, which is especially important in conditions of modern dynamic infrastructures.

Experimental studies using a set of developed simulation models of typical digital infrastructures of a smart city (Internet of Things, smart building, smart intersection) have demonstrated superiority over existing Russian and foreign counterparts.

It is interesting to note that earlier St. Petersburg scientists created an innovative installation for cleaning water reservoirs.

TruKno TTP based Threat Intelligence Platform

TruKno’s ThreatBoard is a platform that helps security professionals uncover the root causes behind emerging cyber-attacks, Improving proactive defense postures..

TTP Based Threat Intelligence

Trukno, a Community-based Threat Intelligence Platform uncovering the root causes behind the latest cyber-attacks, is set to release their open-access beta December 22nd.

Every second a new attack in cyberspace takes place, according to a report by Acronis, 32% of all major companies are attacked at least once a day. Unless the outcome of these attacks are notable (like the FireEye breach), the reports of these attacks often get buried in the never-ending flow of new cyber information. These reports, when in the hands of the right people, oftentimes contain valuable intelligence on the Tactics, Techniques, and Procedures used by adversaries. This knowledge can help cyber defenders better assess risk and take proactive measures to prevent these same attack techniques from being effective against their organization. It can give valuable insights on where to funnel resources for more effective defense postures.

Hunt Smarter, not Harder.

Traditionally, uncovering root causes and criteria behind emerging cyber attacks is done in one of two ways:

    1. Manually scrolling through vendor blogs, government reports, and news outlets to find long-winded reports of cyber-attacks (trivial & time-intensive)

    2. Getting hand-curated, confidential reports from your threat intelligence team (requires multiple employees dedicated full-time to threat analysis)

The thing is, cyber security professionals rarely have time to do the manual sourcing, and even if they did, there is no certainty they would be able to find that one attack report that is relevant to their situation. Additionally, Threat intelligence analysts are in high demand and low supply, making them reserved for only the most mature security operations. 

TruKno’s AI engine ensures with a high level of confidence that not breach, campaign, or attack report goes unnoticed. It is actively keeping a pulse on the industry’s leading intelligence sources, identifying critical reports in real-time. TruKno’s analyst team then does manual analysis on these reports, identifying affected industries, technologies, actors, malware, and more. Most importantly, TruKno analyses these cyber-attacks through the lens of the MITRE ATT&CK Framework, offering a universal lexicon and database of observed threat techniques. 

TruKno wants to make TTP-based threat intelligence the foundation of any organization’s (or individual’s) Security posture. 

E Hacking news had a discussion with TruKno’s Founding Team: 

Manish Kapoor (Founder & CEO), Ebrahim Saed (Co-Founder & CTO), and Noah Binstock (Co-Founder & COO), in which we talked about the importance of TTP-Based Security and their upcoming beta release on the 22nd.

Manish Kapoor discussed the origins of TruKno:

 “Trukno was founded with the mission of arming security professionals with the information they need to keep us safe. The name itself is a translation of Gyaan, or True Knowledge. It is the clarity that comes from knowing the right information, at the right time.”

Before Founding TruKno, Manish spent 10 years helping the world’s largest service providers better understand the evolving threat landscapes to build better cybersecurity solutions for their customers. 

“My job required me to always be up to date with the latest emerging attacks, but there was no way for me, as a busy professional, to quickly and accurately stay up to date with new adversarial techniques and procedures. I knew there had to be a better solution than scrolling through hundreds of articles a day.”

Manish commented on the ‘gray-space’ between advanced intelligence tools reserved for advanced analysts at mature security organizations, and tools available to the cyber security community as a whole.

“There are a lot of incredible intelligence tools out there. The issue is, they are reserved for a very select group within the industry due to price point and complexity. Cyber security is a team sport, and a winning team is built up of individuals. There is a need for universal tools that can benefit all security stakeholders.”

Noah Binstock, Head of Operations at TruKno, also commented on their mission and the power of accessible intelligence.

“Informed decision making starts with having a full understand of the subject matter, this is true no matter what industry you are in. People are at the core of cybersecurity, and it is our mission to arm them with the tools they need to make the best decisions on behalf of us all.”

TruKno built its foundation off of the MITRE ATT&CK Matrix, a globally accessible knowledge base of adversary tactics and techniques based on real-world observation.

“We are seeing MITRE ATT&CK become a staple in many security organizations, and we align very closely with their mission of empowering the cyber community as a whole. We use the ATT&CK Framework to offer a common lexicon for all defenders”

Ebrahim Saed, the CTO of TruKno, is at the core of TruKno’s technical capabilities, allowing TruKno users to access an infinite database of cyber intelligence with no load time on the user end. He commented on the importance of responsive & user-friendly interfaces when it comes to intelligence.

“Gathering the intelligence is one thing. The real differentiator is making this critical intelligence instantly available, all at the users fingertips.”

Ebrahim is currently developing a mobile application for TruKno as well, enabling users to access real-world intelligence anywhere anytime. 

The Product:

Since its founding in October of 2018, TruKno has interviewed over 500 cybersecurity professionals, from Threat Analysts to CISOs, working in close collaboration with the cybersecurity community during product development. Here is what they are unveiling:

CyberFeed: 

Trukno’s CyberFeed is a free, customizable cybersecurity news manager to help the community easily access and organize the industry’s top intelligence and news channels. Access key articles while avoiding information overload. 

ThreatBoard: 

TruKno’s Threat Intelligence platform, ThreatBoard uses an AI engine to identify cyber-attacks as they are first reported on the web. They are then broken down by TruKno’s analyst team, extracting & curating key information, affected Industries, Technologies, Actors, Malware, and more. Additionally, Techniques behind these latest breaches are documented and paired with MITRE’s ATT&CK Framework, enabling users to identify potential risks to their organization based off of real-world observations. 

Upcoming Features: 

    • TruKno has already developed team collaboration functionalities, enabling users to securely collaborate on intelligence from Threatboard with their teams. They are waiting for key user feedback before they release team collaboration (TeamBoards).

    • Cyberfeed is currently being developed to allow users to upload their own source URLs, social media intelligence feeds and more. Sharing functions will also be enabled to empower the security community to easily share valuable resources.

    • TruKno is actively finding new ways to present the data being extracted from these reports and are currently improving interoperability between Threatboard analysis and the MITRE Organization’s ATT&CK Framework. 

    • TruKno’s AI effort, led by Dr. Rob Guinness, is constantly improving, automating more and more analysis, meaning more insights.

    • The team is currently working with key industry stakeholders to enable API integration with TruKno’s intelligence data, enabling more actionable intelligence for security teams.

Hunt Smarter, Not Harder

In short, TruKno’s goal is to help the cyber security community get the intelligence they need to help keep us safe. TTP based threat intelligence is a valuable lens for all security professionals, and they hope that their tools can help make it a community staple.

The TruKno Open beta is live at  www.TruKno.com