The 2017 news base was dominated by cyber threats, cyber crimes, breaches and more. At every turn of the page you were overwhelmed with headlines surrounding breaches of major companies, viral ransomware and leaks of spy tools from U.S. intelligence agencies.
Unfortunately, 2018 seems likely to be another year of threats across the board. The mission for all involved in the security space is to constantly educate, share and empower one another to be prepared for what is ahead.
2018 brings a plethora of security issues – each more fascinating and challenging than the last:
Non-Malware Attacks
The future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult to neutralize. Fileless malware infects targeted computers while leaving nothing behind on the local hard drive. This makes it incredibly easy to sidestep traditional signature based security. During the past year, fileless attacks have been on the rise. According to the SANS 2017 Threat Landscape Survey, one-third of organizations surveyed reported facing fileless attacks in 2017.
In 2017 attackers managed to hit 140 enterprises, including banks, telecoms, and government organizations, with the fileless malware. The organizations were primarily in the U.S., U.K., and Ecuador but firms in Brazil, Tunisia, Turkey, France, Spain and, and Spain were also compromised. Researchers described how the attackers used the malware to gain a firmer foothold into bank’s systems and cash out.
New Jersey Cybersecurity and Communications Integration Cell, NJCCIC says: “The NJCCIC assesses with high confidence that fileless and ‘non-malware’ intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.”
What can you do now? Here is a good start:
- Make a shift in end-user awareness
- Disabling the use of PowerShell on networks
- Monitor more closely outbound traffic
- Trace it back to applications making those requests.
Supply Chain Attacks
Supply chain attacks in 2017 were only the beginning of the growing trend. These attacks seek to damage an organization by targeting less-secure elements in the supply network. Much like social engineering, these supply chain attacks exploit a trust relationship between a software (or hardware) vendor and its customers.
CloudHopper, CCleaner, ShadowPad, Kingslayer, PyPi and M.E.Doc – many of which targeted software aimed at IT administrators and software developers Reports of these attacks are likely to increase in 2018 as new names enter the hacking world. Supply chain attacks are not new, however, the frequency is reason enough to cause concern.
What can you do now? Here is a good start:
- Create a process of strict control of your institution’s supply network in order to prevent potential damage from cybercriminals
- Ensure that all applications receive their updates over secure encrypted channels
Phishing Attacks
Phishing Attacks – usually comprised of a malicious email attachment or an email with an embedded, malicious link are the primary vector for malware attacks. Luckily, if you know what you’re looking for, they are easy to detect. However, phishing is far from over.
Some 2017 highlights – source: Info-Security Magazine
What can you do now? Here is a good start:
- Training and awareness
- Strict management on admin access
- Invest in web protection, email protection, mobile device management, password management etc.
If there is one thing that 2017 should have taught us, it is that attacks are becoming more complex, more advanced and can happen to anyone. Opening the dialogue and empowering our peers to educate and plan accordingly is not only the best course of action – it is possibly the only one!
ROLE DESCRIPTION
We are looking for a Membership Manager to join the company and take on one of the most opportunistic roles the industry has to offer. This is a role that allows for you to create and develop relationships with leading solution providers in the enterprise technology space. Through extensive research and conversation you will learn the goals and priorities of IT & IT Security Executives and collaborate with companies that have the solutions they are looking for. This role requires professionalism, drive, desire to learn, enthusiasm, energy and positivity.
Role Requirements:
Role Responsibilities:
Apex offers our team:
Entry level salary with competitive Commission & Bonus opportunities
Apex offers the ability to make a strong impact on our products and growing portfolio.
Three months of hands on training and commitment to teach you the industry and develop invaluable sales and relationship skills.
Opportunity to grow into leadership role and build a team
Extra vacation day for your birthday when it falls on a weekday
All major American holidays off
10 paid vacation days after training period
5 paid sick days
Apply Now >>