What Goes Around, Comes Around With Cyber Threats

Spanish philosopher, essayist, poet and novelist George Santayana is credited with saying “Those who cannot remember the past are condemned to repeat it.” The same could be said of cyber security strategies. However, it seems that cyber criminals take more advantage of this adage than cyber security professionals do: attackers keep running plays from old breach techniques that still succeed, which in turn forces your IT security staff to remediate the damage instead of preventing it in the first place.

Past Breaches

In previous blogs we have covered the evolution of the various techniques employed by cyber criminals to perpetrate chaos and by cyber security professionals to protect cyber assets. For a reminder of some remarkable cyber security horror stories, we suggest a quick refresher from Tom’s Guide on “The Worst Data Breaches of All Time”.

2018 Breaches

According to Lily Hay Newman’s Wired article titled “The Worst Cybersecurity Breaches of 2018 So Far”, there have already been four major events to report on and an additional one to watch. Of particular note:

  • Russian Grid Hacking: According to the White House, the NotPetya Russian grid attacks have had an estimated $10B in damages.
  • Global Universities: Nine Iranian hackers were charged by the Department of Justice with being responsible for infiltrating 144 US universities, 176 universities in 21 other countries, 47 private companies and other targets such as the United Nations, the states of Indiana and Hawaii as well as the US Federal Energy Regulatory Commission.
  • Exactis Exposure: Although technically not a breach, Exactis left roughly 340 million records on a publicly accessible server back in June, exposing 2TB of personal information on hundreds of millions of US adults.
  • Under Armour: Approximately 150 million Under Armour app users’ email addresses, usernames and passwords were compromised back in February. While critical credit card information didn’t appear to be compromised, it was made known that an old, weaker password hashing algorithm, SHA-1, was being used, which could allow attackers to crack those passwords.
  • VPNFilter: It turns out that this is the one to watch. According to Newman in the above referenced article:

    “At the end of May, officials warned about a Russian hacking campaign that has impacted more than 500,000 routers worldwide. The attack spreads a type of malware, known as VPNFilter, which can be used to coordinate the infected devices to create a massive botnet. But it can also directly spy on and manipulate web activity on the compromised routers. These capabilities can be used for diverse purposes, from launching network manipulation or spam campaigns to stealing data and crafting targeted, localized attacks. VPNFilter can infect dozens of mainstream router models from companies like Netgear, TP-Link, ASUS, D-Link and Huawei. The FBI has been working to neuter the botnet, but researchers are still identifying the full scope and range of this attack.”

Prevent, Don't Remediate

The addition of Solebit to the Mimecast family gives you a leg up on preventing that one entry into your cyber environment. Further enhancing Mimecast’s cyber resilience platform architecture, Solebit provides powerful threat protection to help customers face today’s broad threat landscape with evasion-aware, signature-less technology. The Solebit solution uses multi-tier protection to defend against attacks at different levels of the stack. This comprehensive approach is powerful, because evasion techniques may spread across different layers. The solution protects against advanced malware by using Solebit’s deep inspection, which analyzes commands at the CPU level all the way up to the application level, including macros and embedded JavaScript in Microsoft Office or any other data file types, whether on premises or in your public or private clouds.

Solebit’s SoleGATE uses static analysis, which is faster, more accurate, not OS-version dependent and covers 100% of your code, with complete visibility. With SoleGATE, every line of code is evaluated, making sandbox evasion techniques ineffective. The platform is agnostic to the file type, client-side application type, and client operating system used within the organization. Unlike a sandbox, which has to simulate specific customer environments, SoleGATE provides protection regardless of the operating system, CPU architecture, and function (client or server) of the targeted machine.

See for yourself what SoleGATE can do to deliver evasion-proof security for your organization. Register for a free trial today.