Zoom Vulnerabilities

The United Kingdom was put into lockdown following an unprecedented broadcast to the nation on Monday 23rd March 2020. The UK government’s advice and support drove a massive national transformation in the day-to-day operations of most businesses.

Most businesses and organisations are now making use of working from home, allowing them to operate in the current circumstances while building greater trust with employees.

The critical element that has allowed remote working to be effective for most organisations is advanced technology and software combined with forward-thinking staff. A popular video conferencing tool is Zoom Video Communications.

What is Zoom?

Zoom is an American-based digital communications business that provides a cloud-based tool for online chat services and video conference telephony. Each chat can have up to 500 attendees.

Zoom is available on a variety of platforms and operating systems, such as macOS and Windows. Like its rivals Microsoft Teams and Cisco WebEx Meetings, Zoom claims to be the leader in modern enterprise video communications, with an easy and reliable cloud platform for video and audio conferencing.

Zoom has appeared frequently in recent news for security flaws in previous versions of the application that allowed attackers to access the webcam and audio facilities and exfiltrate confidential data. Uninvited people can also join a meeting if the Zoom app is not used carefully.

Even though Zoom has claimed to be a reliable cloud platform, the security flaws have caused a negative impact on the remote working culture.

Zoom Vulnerabilities (Past & Present)

Zoom has a record of widely recognised security flaws that compromised the confidentiality, integrity and availability of features and functions, as well as of data, within Zoom Meetings.

If Zoom meetings are, or have been, part of your communication platforms during remote working, then you may be susceptible to these security flaws and threats. Given the value of your personal and business data, this could mean a significant breach of confidentiality and a significant negative impact on your organisation’s privacy.

Furthermore, Zoom is understood to be frequently working on patches to mitigate the security flaws within its application, with the aim of being a reliable cloud platform for conferencing. On 27th April 2020, Zoom released version 5.0.0 (23168.0427), a patch for security flaws that included an issue where a subset of scheduled meetings was deleted when an invitee with scheduling rights declined the invitation. Another security flaw that reached the attention of many users is the UNC vulnerability that compromises Windows credentials.

Zoom patched a serious flaw in the Zoom Windows client that permitted attackers to use its messaging feature to share malicious links which, once clicked, would leak the victim’s Windows network credentials.

Google security researcher Tavis Ormandy is reported to have established that this vulnerability could also be used to launch any program already present on a targeted computer or to execute arbitrary commands. Fortunately, the vulnerability is patched in Zoom Windows client version 4.6.9, which has been available since 2nd April 2020.
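The Windows client flaw above arose from the chat turning UNC paths into clickable links. The following Python is an added illustration of the defensive policy that removes that class of bug, an allow-list of link schemes; it is not Zoom’s code, and the function names and sample message are invented:

```python
import re
from typing import List, Tuple

# Only links with one of these schemes may be rendered clickable.
# UNC paths (\\host\share\...) and file:// URLs never are: opening a UNC
# link makes Windows start an SMB connection and offer the user's credentials.
SAFE_SCHEMES = {"http", "https"}

# Candidates a naive "linkify" routine would turn into anchors:
# anything that looks like scheme://..., or a UNC path.
TOKEN_RE = re.compile(
    r"[A-Za-z][A-Za-z0-9+.\-]*://[^\s<>]+"   # scheme://host/path
    r"|\\\\[^\s\\]+(?:\\[^\s\\]*)*"          # \\host\share\path
)


def classify(token: str) -> str:
    """Return 'link' if the token may be rendered clickable, else 'text'."""
    if token.startswith("\\\\"):
        return "text"                        # UNC path: never a link
    scheme = token.split("://", 1)[0].lower()
    return "link" if scheme in SAFE_SCHEMES else "text"


def render_message(message: str) -> List[Tuple[str, str]]:
    """Split a chat message into (fragment, kind) pairs, where kind is 'link'
    for fragments the UI may render as anchors and 'text' for everything else."""
    fragments: List[Tuple[str, str]] = []
    pos = 0
    for match in TOKEN_RE.finditer(message):
        if match.start() > pos:
            fragments.append((message[pos:match.start()], "text"))
        fragments.append((match.group(0), classify(match.group(0))))
        pos = match.end()
    if pos < len(message):
        fragments.append((message[pos:], "text"))
    return fragments


def clickable_links(message: str) -> List[str]:
    """Convenience view: only the fragments that would become clickable."""
    return [frag for frag, kind in render_message(message) if kind == "link"]


if __name__ == "__main__":
    # Constructed sample message mixing a normal link, a UNC path and a file URL.
    sample = r"Slides: https://example.com/slides also \\fileserver\share\notes.txt and file:///C:/tmp/x"
    for frag, kind in render_message(sample):
        print(f"{kind:4}  {frag!r}")
```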

Current Vulnerabilities

We have found an issue listed on Zoom’s security page that gives an insight into the current threats that could affect your users.

Zoom help centre states: “Zoom was notified by a security researcher that several malicious Chrome and Firefox browser extensions capture browsing activity, which was then sold to members of an online service such as the Dark web. This is not a Zoom vulnerability, but rather a malicious browser extension mistakenly installed by Chrome users that would upload details of their browser history. Given the scale of Chrome and Firefox users, it is not surprising that some of the affected Chrome and Firefox users have hosted or joined Zoom meetings. Among the many websites observed were Zoom meeting URLs visited by users who had these browser extensions. From these URLs, it was possible to collect information, potentially including meeting URLs (including meeting IDs), page titles, referrers, visitors’ internet service provider (ISP), city, state, network domain, and timestamp of the visit”.

As a precaution, it is suggested that you change your recurring meeting links and meeting passwords, and review and remove any suspicious browser extensions.

For further reading on support and guidance on this matter, see the Zoom help centre at https://support.zoom.us/hc/en-us/articles/360030698152-Malicious-Chrome-and-Firefox-Browser-Extensions.

What is advised when using Zoom?

When using Zoom Meetings, security should be taken into consideration.

This will help mitigate threats to the privacy of your data and users. Ideally, always use the latest version of Zoom; this will help ensure that all available patches against known vulnerabilities have been applied.

Additionally, due to historic credential breaches, existing users and business users who use Zoom for remote working should change their existing password as a precaution.

Best practices within the Zoom application include:

  • Require a password to join meetings.
  • Only allow registered or domain-verified users, so that you know who will be attending your meeting.
  • Do not use your Personal Meeting ID for public meetings.

The official Zoom best practices guide can be found at https://support.zoom.us/hc/en-us/articles/209743263-Meeting-and-Webinar-Best-Practices-and-Resources

For further information on how to protect your business contact info@omnicybersecurity.com 


Covid-19 & APT

This week Dominic Raab shared the impact Covid-19 has had across organisations in the UK and USA. Raab stated that an increase in activity from APTs has been identified throughout the crisis. He emphasised that the impact APT-level threats can have on an economy can be substantial, and to prepare for and mitigate these risks, the National Cyber Security Centre (NCSC), the United States Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory to aid secure working through this time.

What is an APT?

APT stands for Advanced Persistent Threat and is a term commonly associated with a malicious actor that uses sophisticated hacking techniques to infiltrate a system and reside in it for an indefinite period. By establishing footholds in organisations, an APT can then exfiltrate sensitive data such as personal information, special category information and any other confidential data residing on a network, as well as potentially disrupting operations via a Denial of Service (DoS) attack.

As the name suggests, the advanced approach taken by APTs generally requires a considerable amount of time and research, so it is quite common for APTs to target ‘high value’ entities such as nation-states and large corporations. Although ‘high value’ targets are the key end goal for APTs, this brings suppliers to such organisations into scope, as these attacks often make their way into ‘high value’ targets through the supply chain. This form of attack further highlights the need for supplier due diligence when making business decisions.

A successful attack from an APT can be summarised into three stages:

Stage 1 – Access

APTs commonly infiltrate and gain access to a network through one of three attack vectors: network resources, web assets and authorised human users. This can be achieved through various attack types such as malicious uploads (SQL injection, RFI, SSTI and other exploits of known or unknown vulnerabilities), as well as social engineering attacks such as phishing and vishing.

Once access has been achieved, an APT will look to install a ‘backdoor’ to maintain access to the target, allowing remote and undetected movement. Trojans disguised as legitimate software are often used to install backdoors, further highlighting the need to scrutinise the applications installed on devices.

Stage 2 – Movement

Once an APT has established a foothold in the target environment, the attackers tend to move laterally, further cementing their foothold. Here the attacker may use privilege escalation to obtain administrative rights and further manipulate the network under the guise of a legitimate user.

The attacker may choose to compromise staff member accounts that are privy to the most sensitive data and in doing so, accumulate critical business information, employee data and any other data the attacker may deem necessary to attain their end goal. Having a complete view of your digital infrastructure is critical to identifying APT activity within your network.

Stage 3 – Action on Objective

Once a firm foothold in an organisation is made, an APT will then act to fulfil its objectives. These can vary from taking down critical functions of the organisation to extracting sensitive data to be sold elsewhere. APTs are known to initiate a DDoS attack to create noise on a network during the extraction of data, ensuring key personnel remain distracted while they achieve their objectives.

Why does this affect my business?

Although the prime targets for APTs are ‘high value’ organisations, these are often reached through a supply chain of SMEs. The NCSC has previously identified the increasing cyber threat landscape across businesses throughout the UK and created the Cyber Essentials standard in June 2014. Over the years the standard has grown in popularity and has become an increasingly favoured way for businesses in the UK to demonstrate secure working. As a result, since October 2014 the Government has required all suppliers that handle certain sensitive and personal information to be certified against the Cyber Essentials scheme.

With supply chain attacks becoming an established model, certain controls must be implemented across all businesses in the nation to mitigate the risk of a successful APT attack on nationally critical services. You may feel that your enterprise has no direct involvement with any Government body. However, you may be one link in a chain of attacks through which an APT achieves its end goal.

OmniCyber Security strongly recommends obtaining these standards for the safety of not just your enterprise, but of the nation.

OmniCyber Security offers solutions for enterprises of all sizes to control their cyber threat landscape, including consultancy, where our trained professionals can guide you through the following standards:

  • Cyber Essentials
  • Cyber Essentials PLUS
  • ISO 27001
  • PCI

OmniCyber Security is also partnered with Darktrace to provide an AI-based threat detection and prevention solution that can aid the identification of APT activity within your enterprise.

Please read the advisory from the NCSC and CISA.

To find out more or discuss your threat landscape further, please contact us.

COVID-19 Response

Message from the CEO

Stuart Joce – OmniCyberSecurity

 

At OmniCyber Security, the health of our employees and clients is the highest priority. As a business, our service is mostly uninterrupted, and our teams are working remotely and delivering as usual.  

Cyber Security is still an essential topic for businesses of all sizes. With access to business premises limited, the OmniCyber team have developed a range of processes that enable us to carry out the engagements remotely. 

OmniCyber wants to help

As always, our mission is at the heart of everything we do: “Provide cost-effective, high-quality cybersecurity services”.

We understand businesses of all shapes and sizes are facing challenging financial circumstances; we want to ensure those challenges don’t affect the security of your business. 

What we are going to do

With these things in mind, OmniCyber Security will now provide the first year of all three-year penetration testing agreements for FREE.

This offer is available to all businesses, whether you are an existing or new customer for OmniCyber. 

These are challenging times for the health and security of your people and your business, and we will do our best to support you in any way that we can.

 

WFH Cyber Security Guide

Many employers are asking people to work from home in response to the COVID-19 coronavirus and the government’s advice. The current guidance recommends remote working wherever possible and to partake in social distancing as part of the delay phase strategy. Other people are self-isolating because they have symptoms or wish to work from home by choice, to play their role in slowing the spread of the coronavirus.

Technology makes it reasonably simple for employers to set employees up to work from home. However, this means that online security threats need extra consideration. Remote working poses a dual risk: a company security breach or a breach of the worker’s privacy.

If you are an employer, you must protect your company and your workers. To help companies, the National Cyber Security Centre has published guidance on preparing for home and remote working. We cover all of this advice here.

Online threats of working from home

When employees work from home, there are three main areas of threat and vulnerability:

  • Personal devices and personal networks that home workers use to carry out tasks increase the risk of malware and of leaking private company information. An employee’s device may not have the built-in security of business networks, such as customised firewalls, antivirus software and online backup.
  • Unsecured Wi-Fi use poses a risk, although most employees can use their home Wi-Fi. If you are an employer, you should help ensure the network employees use is secured. However, some employees use unsecured public Wi-Fi, which is notoriously more susceptible to eavesdropping and information theft.
  • Scammers are targeting the opportunity presented by the flood of remote working personnel in several different ways, which we also cover below.

Remote working cybersecurity tips

Employers should provide security guidance and work from home protocols for their workforce. The following steps are an excellent place to start:

Use strong passwords and review your passwords to make sure the same password is not used more than once. A strong password should include upper and lower case letters, numbers and special characters. Not reusing a password is essential because if one username and password pair is compromised, cybercriminals engage in credential stuffing: a tactic where criminals attempt to access other accounts using the compromised username and password. You can tackle this problem by using a password manager, which makes it simple to create unique and robust passwords, and best of all, you do not need to remember them yourself.

Secure your router and change the router password. Keeping the default password your router shipped with is extremely risky. You should also check for firmware updates, ensure encryption is set to WPA2 or WPA3 using the highest level of encryption available, turn off WPS, and restrict inbound and outbound traffic.

Install software updates; these are security patches that resolve vulnerabilities discovered since the last update or since the software was created. You should encourage your workers to check that all updates are set to install automatically, so that they do not need to worry about checking for updates in the future.

Set up two-factor authentication (2FA) or two-step verification (2SV), which adds an extra step to the login process. Second-step options include biometrics (fingerprint or facial recognition), text message and email confirmations, or even a USB fob.

Back up data, because it can be lost in a number of different ways: operator mistakes can result in a loss of data, as can hardware damage. Cyberattacks can purposefully wipe data or hold it to ransom (ransomware) with malware in an attempt to extort the company. You can back up data with a cloud backup service or go retro and use hardware such as an external drive.

Use antivirus software to detect and remove malware, including viruses. Good antivirus software includes that made by McAfee and Norton. If you are an employer, you should encourage remote workers to run their antivirus scan more often or change the schedule settings to do this automatically.

Use a virtual private network (VPN) to encrypt your internet traffic. Companies can use a multi-worker VPN provider to support their workers, and this makes good financial sense as well.

Lock your devices because work information should not be shared with other family members and should be protected against access from others, especially if you work in a public space.

Be cautious of remote desktop tools (RDP and similar) because many have security problems, so research remote desktop tools before choosing one.

Set up your firewall, because it creates a barrier between your device and the internet. A firewall helps stop data leaks and prevents malicious software from getting in. Firewalls are usually built in as part of the device’s operating system, but you should ensure that they are active.

Avoid phishing emails, where cybercriminals try to obtain your information by email, as well as through other mediums such as text messages or voicemail. There are a variety of things to watch out for that help you spot a phishing email. Check that the sender’s email address is correctly spelt, check whether the email contains grammatical errors, and avoid clicking on links unless you trust them completely. If you do open a link from an email, look in the URL bar for the padlock symbol (HTTPS), which indicates that your connection to the site is encrypted; it does not on its own prove that the site is genuine.

Use encrypted communication to protect information. If an encrypted communication app has not been provided by your company, you should choose a messaging service with end-to-end encryption.

Employers and businesses should also ensure that employees know how to report a problem and make them aware that they will not be in trouble if a problem occurs. If your employees are too scared to report a problem, your company cannot protect itself and take remedial action. You should also consider creating how-to guides on security tasks or work with a cybersecurity company to create these and aid your employees.

Mobile Application Testing

Mobile applications, or apps, are increasingly a part of everyday life. Often, apps are fundamental to business operations, and this is becoming the norm. App security is vital, and mobile application testing is something that all companies should partake in. Mobile application testing is essentially a penetration test for your mobile app.

A security breach through a mobile app can devastate a company with bad publicity and the loss of its positive brand reputation. Companies can also suffer financial implications, including fines for non-compliance with UK regulations.

With mobile applications processing massive amounts of sensitive data, they have become an ideal target for cybercriminals, who are extremely aggressive in this space.

Mobile application testing helps protect apps and devices against cyber-attacks and the rapidly increasing amount of malware. Operating systems such as iOS, Android, BlackBerry and Windows all fall within the scope of security testing.

A valid test looks for data leaks, authorisation errors, authentication errors and improper session handling. Testing can also include a review of your company’s Mobile Device Management (MDM) policy.

Mobile application security risks

There are different types of cyber-attacks that mobile apps can be vulnerable to:

  • Financial fraud – this includes tampering with payment modules and capturing user logins during input
  • Mobile malware – can be used to steal smartphone credentials
  • Credential harvesting – can change authentication mechanisms to acquire user credentials
  • Circumventing security mechanisms – to disable, change, or remove security mechanisms
  • Man-in-the-middle attacks (MiTM) – intercept your or your client’s data as it moves from the app to the server

In-app tampering can lead to criminals acquiring company keys and secrets, compromising mobile devices, cloning or repackaging the app, stealing intellectual property and breaching app privacy.

Mobile app cyber threat testing

Mobile app testing is the proactive, offensive-security action to take to prevent data from being compromised or stolen. It also helps prevent cybercriminals from penetrating wider parts of your network.

If your company is developing an app, security tests should take place throughout development, from initial inception through to beta testing. Mobile app testing should also be conducted when third-party developers are creating an app for your company.

Testing covers:

  • Native applications – these are apps created specifically for mobile devices running on Android, iOS, and other operating systems
  • Web and hybrid applications – these appear like native apps but work through a web browser and are written in HTML5, CSS, or JavaScript

In addition to regular app testing, your business should avoid apps that are distributed by third-party app stores and be careful not to rush apps to the market.

Testing methodology

The mobile app testing process begins with gathering information on the app’s design and architecture, including frameworks, platform mapping, and languages. The testing then simulates client-side, server-side, network-side, and Layer 7 attacks.

The comprehensive testing process will consider the scope of your company, the mobile app or apps to be tested, and the desired outcome. You will be provided with a proposal for the work and of any preparation required.

Evaluation and security testing then take place and are used to create a report of the test findings. The report also highlights remedial actions, after which a retest can be conducted.

Testing searches for:

  • Insecure data storage
  • Unintended data leakage
  • Poor server-side controls
  • Broken cryptography
  • Weak authentication and authorisation
  • Inadequate transport layer protection
  • Client-side injection
  • Improper session handling
  • API vulnerabilities
  • Poor binary protections
  • Security decisions based on untrusted inputs

The security company you work with should be CREST accredited and capable of highlighting vulnerabilities and offering critical remedial advice. 

OmniCyber works with companies using few or many apps and those testing their first apps through to those that have tested hundreds. Testing is tailored to your organisation, considering your goals and priorities.

External vs Internal Network Penetration Testing

Strong network security is a fundamental responsibility for all organisations and businesses. Weak cybersecurity can be extremely damaging to your company with severe brand and financial implications.

External and internal network penetration testing is the solution to security testing and leads to remedial actions. Pen tests are carried out by security companies with ethical hackers that have extensive knowledge of offensive security.

The penetration tests check for vulnerabilities of an organisation’s network, computers, laptops, software, wired and wireless systems, applications, cloud networks, email servers, routers, and employees. The scope of the test is agreed upon and includes internal and external testing.

External pen tests assess your organisation’s perimeter defences, while internal tests assess weaknesses once your network has been compromised. The analysis uses automated and manual tools to test different attack paths.

In some industries, such as government departments, healthcare and financial services, penetration testing is mandated. For other organisations, testing should take place at least once or twice a year.

Here we take a look at external vs internal network penetration testing.

External network penetration testing 

External network penetration testing looks to exploit weaknesses from an external position, with no pre-permissions or access. This simulates an attack by a cybercriminal, looking to compromise or steal a company’s information.

By simulating an external cyberattack, your company will find out if its existing security measures are adequate. 

External penetration tests include:

  • Authorisation testing
  • Authentication testing
  • Cryptography testing
  • Business logic testing
  • Identity Management testing
  • Client-side testing
  • Session management testing
  • Input validation testing
  • Error handling testing

Internal network penetration testing 

Internal network penetration testing goes one level beyond vulnerability scanning and typically takes place after external penetration testing. Internal pen tests attempt to exploit detected internal weaknesses to reveal what data is at risk and the potential impact this could have.

The simulated cyberattack comes from a cybercriminal who has gained access to the company’s internal network. The testing also simulates an attack by an on-site contractor or employee.

Internal penetration tests assess network elements such as access points, computer systems, firewalls, Wi-Fi networks, employees, and local servers, as well as IDS/IPS. They also assess the effects of malware spreading, privilege escalation, and other malicious activities.

Internal penetration tests include:

  • Firewall and ACL testing
  • Internal network scanning
  • Database control testing
  • Password strength testing
  • Social engineering testing
  • Port scanning
  • System fingerprinting
  • Trojan scanning
  • Manual vulnerability testing
  • Networked equipment control testing
  • Vendor/third-party configuration testing

Pen test reporting

Once internal and external penetration testing is completed, your company receives a debrief and a formal written report of the findings. This report highlights detected software flaws, insecure or unconfigured firewalls, inadequate security controls, the presence of malware, and unpatched systems.

The pen test report also highlights what remedial action should be taken to address the risks. This list of steps is prioritised by the level of risk and potential impact on your organisation.

Businesses need to perform external and then internal penetration tests to determine the effectiveness of technical security controls and policies. Regular security audits are necessary to keep pace with the fast development of cyberattack techniques and the weaknesses that become known in software and hardware, and to conform with security regulations.

To ensure penetration testing is carried out successfully, you should choose a third-party cybersecurity company that is CREST accredited and uses Certified Infrastructure Testers (CCT INF).

What is vulnerability scanning?

Vulnerability scanning is one of the most critical responsibilities of an internal IT security team or a certified external security company. The consequences for a company that does not effectively manage vulnerabilities are severe.

Vulnerabilities and weaknesses are an open door for cybercriminals to hold your company to ransom (by installing ransomware), steal customer data, and create all manner of havoc. This can result in destroying your business reputation and in being issued severe fines by governing bodies.

To lower the risk of cybercrime, vulnerability management is a programme that includes assessing and reporting on security vulnerabilities. After vulnerability scanning takes place, the necessary actions to eliminate or reduce identified threats are implemented.

The first step in this vulnerability management process is to find and identify threats through the vulnerability scanning process. Vulnerability scanning has two stages:

Vulnerability scanning step 1 – Step one uses an application to scan your organisation’s network-connected infrastructure. This network-connected infrastructure will likely include firewalls, servers, printers, switches, laptops, desktops, containers, and virtual machines. This vulnerability scanning process results in the creation of a log of all devices, the operating systems on which they run, user accounts, and open ports, as well as other installed software.

Creating the most detailed and thorough picture is essential. With threats and attacks occurring more often, it is advisable to use a certified external security company, which will have the knowledge and experience to dig deeper. The more comprehensive techniques used by certified security companies may include scanning with default and system credentials, to produce a more comprehensive and detailed report.

Vulnerability scanning step 2 – Once step one is complete, the vulnerability scanning process checks all items in the inventory log against a database of known vulnerabilities. This enables the creation of a report of software and hardware weaknesses and vulnerabilities.

How does vulnerability scanning work?

Vulnerability scanning is only one step in an effective vulnerability management process. The vulnerability scanning highlights software and systems that have known vulnerabilities. However, the complete vulnerability management process includes:

  1. Scanning and identifying weaknesses
  2. Assessing the risk of identified weaknesses
  3. Resolving the vulnerabilities, so they are no longer a threat
  4. Reporting on the weaknesses found and the action taken to mitigate the threat
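As an added example (not OmniCyber’s tooling or any real scanner), the Python below scripts the two scanning steps described earlier together with the assess-and-report steps of the management process: a constructed stage-1 inventory is matched against a constructed vulnerability database, with placeholder ids rather than real CVE numbers, and findings are ordered by how realistic exploitation is. Hosts, products, versions and the port mapping are all invented.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'7.4.2' -> (7, 4, 2): compare versions numerically, not as strings
    (as strings, '10.0.0' would sort before '9.9.9')."""
    return tuple(int(part) for part in v.split("."))


# Stage 1 output: a constructed inventory of the kind a network scan
# produces (host, installed software, version, open ports).
INVENTORY = [
    {"host": "fileserver01", "product": "openssh", "version": "7.4.0", "open_ports": {22, 445}},
    {"host": "web01", "product": "nginx", "version": "1.18.0", "open_ports": {80, 443}},
    {"host": "laptop-ab12", "product": "openssh", "version": "7.9.0", "open_ports": set()},
]

# Which ports each product is reachable on (constructed mapping).
SERVICE_PORTS = {"openssh": {22}, "nginx": {80, 443}}

# Stage 2 input: a constructed known-vulnerability database. The ids are
# placeholders, not real CVE numbers; a real scanner uses a feed such as NVD.
# "fixed" is the first version that is no longer affected.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "openssh", "min": "0.0.0", "fixed": "8.0.0", "cvss": 7.5},
    {"id": "EXAMPLE-0002", "product": "nginx", "min": "1.0.0", "fixed": "1.21.0", "cvss": 5.3},
    {"id": "EXAMPLE-0003", "product": "nginx", "min": "1.19.0", "fixed": "1.20.1", "cvss": 9.8},
]


@dataclass
class Finding:
    host: str
    vuln_id: str
    product: str
    version: str
    cvss: float
    exposed: bool  # the vulnerable service answers on an open port


def is_affected(version: str, entry: dict) -> bool:
    """True when min <= version < fixed for this database entry."""
    v = parse_version(version)
    return parse_version(entry["min"]) <= v < parse_version(entry["fixed"])


def priority(f: Finding) -> float:
    """Risk used for ordering: CVSS as-is when the service is reachable,
    halved when nothing listens, since exploitation is then far less realistic."""
    return f.cvss if f.exposed else f.cvss / 2


def match_inventory(inventory: List[dict], vuln_db: List[dict]) -> List[Finding]:
    """Stage 2: check every inventory item against the database and return
    findings ordered by priority (highest first)."""
    findings: List[Finding] = []
    for item in inventory:
        for entry in vuln_db:
            if entry["product"] != item["product"] or not is_affected(item["version"], entry):
                continue
            exposed = bool(SERVICE_PORTS.get(item["product"], set()) & item["open_ports"])
            findings.append(Finding(item["host"], entry["id"], item["product"],
                                    item["version"], entry["cvss"], exposed))
    return sorted(findings, key=priority, reverse=True)


def report(findings: List[Finding]) -> Dict[str, List[str]]:
    """Per-host remediation lines in priority order, for the written report."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f.host, []).append(
            f"{f.vuln_id}: {f.product} {f.version} (CVSS {f.cvss}, exposed={f.exposed})")
    return out


if __name__ == "__main__":
    for host, lines in report(match_inventory(INVENTORY, VULN_DB)).items():
        print(host)
        for line in lines:
            print("  " + line)
```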

What your organisation needs to consider before vulnerability scanning

Vulnerability scanning and management are critical, and there are several things you will need to decide upon before instigating the process.

Scanning and identifying weaknesses – The success of finding weaknesses through scanning depends upon the scanner’s ability to identify system information, devices, software and open ports. The scanner will also need to be able to check the information found against one or more databases of known vulnerabilities.

Before vulnerability scanning takes place, your organisation should agree several parameters with the security company performing the scan. Scanning may need to take place outside of your organisation’s operating hours, or be more or less aggressive, to enable the business to continue as usual.

Adaptive vulnerability scanning is another useful option to minimise the effect of vulnerability scanning on your business’s operations. The adaptive approach detects when new devices are connected to the network for the first time. This might be a new desktop or a laptop. When these events occur, the vulnerability scanner is launched automatically. The advantage to this is that you are protected against vulnerabilities straight away, instead of having to wait for the next scheduled scan.

Internal or external security team – Every company has its own mix of talent and knowledge. However, vulnerability scanning and the resulting report of weaknesses can be extensive, and hence overwhelming if you have a small internal IT team.

Certified security companies have the expertise and teams of security professionals to tackle the job at hand effectively. They have the knowledge to recognise whether a reported vulnerability is a false positive, and whether security controls already in place reduce the risk of the identified weakness.

They will also be able to determine which vulnerabilities need fixing first by assessing whether it is realistic for cybercriminals to exploit the weakness. They know whether physical access to your business would be required, and the potential impact the vulnerability would have on your company if it were exploited.

Simple fixes or security patches are not always readily available, so decisions will need to be made to mitigate the risks. Your business may need to stop using vulnerable software or systems or add further layers of protection and controls. In some cases, no action is taken when the risks are extremely low. 
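The steps above (match the inventory against a vulnerability database, judge how realistic exploitation is, allow for compensating controls, accept very low risks, report) can be shown as a small script. This is an added example, not OmniCyber’s scanner or any real vulnerability database: the inventory, the vulnerability entries and their EXAMPLE-… identifiers are constructed placeholders, and the scoring weights are assumptions.

```python
"""Constructed inventory and vulnerability database for illustration only."""

# Phase one output: what the scanner found on each host (constructed data).
INVENTORY = [
    {"host": "fileserver01", "software": "ExampleFTP", "version": "2.3.1", "exposed": True},
    {"host": "hr-laptop07", "software": "ExampleOffice", "version": "11.0", "exposed": False},
    {"host": "hr-laptop07", "software": "ExampleFTP", "version": "2.4.0", "exposed": False},
]

# Known-vulnerability database (placeholder ids, not real CVEs).
VULN_DB = [
    {"id": "EXAMPLE-0001", "software": "ExampleFTP", "fixed_in": "2.4.0",
     "impact": 9, "needs_physical_access": False},
    {"id": "EXAMPLE-0002", "software": "ExampleOffice", "fixed_in": "12.0",
     "impact": 6, "needs_physical_access": True},
]

ACCEPT_BELOW = 2.0  # assumed threshold: scores under this are accepted, not fixed


def parse_version(v):
    """Assumes dotted numeric versions such as '2.3.1'."""
    return tuple(int(p) for p in v.split("."))


def is_vulnerable(item, vuln):
    """Phase two check: same software and a version older than the fix."""
    return (item["software"] == vuln["software"]
            and parse_version(item["version"]) < parse_version(vuln["fixed_in"]))


def risk_score(item, vuln, compensating_controls):
    """Impact scaled by how realistic exploitation is (assumed weights):
    needing physical access or not being network-exposed lowers likelihood,
    and a recorded compensating control halves the residual risk."""
    likelihood = 1.0
    if vuln["needs_physical_access"]:
        likelihood *= 0.3
    if not item["exposed"]:
        likelihood *= 0.5
    score = vuln["impact"] * likelihood
    if (item["host"], vuln["id"]) in compensating_controls:
        score *= 0.5
    return round(score, 2)


def scan_report(inventory, vuln_db, compensating_controls=frozenset()):
    """Return findings ranked by risk, each with a recommended action."""
    findings = []
    for item in inventory:
        for vuln in vuln_db:
            if is_vulnerable(item, vuln):
                score = risk_score(item, vuln, compensating_controls)
                findings.append({"host": item["host"], "id": vuln["id"], "score": score,
                                 "action": "remediate" if score >= ACCEPT_BELOW else "accept risk"})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings
```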

What is the difference between internal and external vulnerability scanning?

To meet the various security compliance requirements, both internal and external vulnerability scans need to take place.

Internal vulnerability scan – These take place from inside the company’s defences and highlight the vulnerabilities open to cybercriminals who have gained access to your systems. Internal scans also highlight the damage that could be caused by disgruntled workers or on-site contractors.

External vulnerability scan – These take place from outside your company’s defences and network. External tests evaluate the effectiveness of your perimeter defences, including web application firewalls and network firewalls.

Vulnerability scanning vs penetration testing?

Vulnerability scanning focuses on finding known weaknesses and vulnerabilities. This is a vital first step for all companies that use network-connected technologies.

Penetration testing looks to find weaknesses in organisational practices, processes, and system configurations that can be exploited by cybercriminals. Penetration tests may include:

  • Intercepting and then using passwords that are not encrypted over the network
  • Attempting to acquire passwords from employees, through impersonating a security person or manager. This is called social engineering and tests to see if a cybercriminal can access your database.
  • Gaining access to accounts through sending out phishing emails

Vulnerability scanning is vital for all companies, and we recommend using a certified cybersecurity company. OmniCyber can help; contact us for more information on vulnerability scanning.

Mitigating Malware

Mitigating malware is about reducing the risk of infection by malware. Your organisation can take pre-emptive steps to prevent cybercrime. While it is impossible to defend 100% against malicious software, the risks are hugely reduced when proper preparation and security tasks are performed.

A cybercrime event can be extremely costly to your operation and its reputation. The actions of malicious software can include:

  • Locking your devices and holding them hostage for a ransom (ransomware)
  • Stealing, deleting or encrypting your data
  • Gaining credentials and permissions within your network
  • Using chargeable services at your expense
  • Mining cryptocurrency
  • Using your devices to attack another organisation

Ransomware is becoming an even greater problem due to automation, and there is no guarantee that your files will be decrypted if you pay the ransom. Such attacks, sometimes called wiper malware, can target both small and large organisations.

The National Crime Agency advises you not to pay the ransom. Your devices could remain infected, be the target of future attacks, and fund criminal activity.

How to protect your devices from malicious software

Applying software updates is the first step to mitigating malware risks. New vulnerabilities become known regularly. To tackle this, manufacturers release software updates, known as patches. You should ensure your devices are set to update automatically. You should also cease using operating systems or software that is no longer supported by the manufacturer.

The second step to malware resistance is to create a backup of vital files. These might include documents, spreadsheets, and photos that cannot be replaced. Off device storage of these files, such as on a separate hard drive or a USB stick, is a good solution, as long as the storage devices don’t remain connected to your computers. Another option is to use an online cloud-based service that is not located on your network.

The third step is to protect your devices by using anti-malware and antivirus software. These must remain turned on and be up to date. For Windows devices, for example, Windows Defender is built-in. Be sure to run a full scan regularly and only download apps from the official Windows, Google, and Apple stores.

How to protect your organisation’s network

At the network level, some attacks will eventually get through. To minimise the risks, your defences should take a layered approach. These layers should:

  1. Prevent malware from getting to your organisation’s devices
  2. Prevent malware from executing its malicious code
  3. Prepare a rapid incident response plan to cyber attacks

You should also consider working towards the Cyber Essentials certification scheme. When you do this, partners and customers can be assured that you have taken the necessary action to minimise the risks of malware and other attacks, such as phishing.

Here we take a look at the three layers of protection in more detail:

Prevent malware from getting to your organisation’s devices – Actions include whitelisting the file types that you expect to receive, regularly inspecting content, creating safe browsing lists, and blacklisting unofficial or dangerous websites. You should use signatures to block malicious code and put in place mail filtering, internet security gateways, and proxy interception of known malicious websites.
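Whitelisting expected file types is only effective when the content is inspected as well as the file name, since a renamed executable passes an extension check alone. The following added example (illustrative code, not OmniCyber’s or any mail gateway’s filtering logic) combines an assumed allowlist of expected types with a check that the leading bytes match the claimed type, and for .docx files looks inside the ZIP container for a macro project.

```python
import io
import zipfile

# Assumed allowlist of file types this organisation expects, with the leading
# bytes a genuine file of that type carries. Plain text has no fixed signature.
SIGNATURES = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "docx": b"PK\x03\x04",  # Office Open XML is a ZIP container
}
ALLOWED = set(SIGNATURES) | {"txt"}


def _extension(name):
    # Only the final extension counts, so "report.pdf.exe" is treated as .exe
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_attachment(filename, data):
    """Return (accepted, reason) for an attachment's name and raw bytes."""
    ext = _extension(filename)
    if ext not in ALLOWED:
        return False, f"type .{ext or '?'} is not on the allowlist"
    if ext == "txt":
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "claimed text file is not valid UTF-8"
        return True, "ok"
    if not data.startswith(SIGNATURES[ext]):
        return False, f"content does not match the .{ext} signature"
    if ext == "docx":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return False, "docx is not a valid ZIP container"
        if "[Content_Types].xml" not in names:
            return False, "docx is missing [Content_Types].xml"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return False, "docx contains a VBA macro project"
    return True, "ok"


def build_zip(entry_names):
    """Construct a minimal ZIP with the given entry names (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in entry_names:
            zf.writestr(n, b"")
    return buf.getvalue()
```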

Prevent malware from executing its malicious code – You should install enterprise-grade anti-malware and antivirus software and conduct awareness training with your workforce. Ensure that you install security updates on all devices, configure your network’s firewall, and enable operating system and firmware automatic updates. 

Prepare a rapid incident response plan to cyber attacks – Your organisation should prepare incident responders to act quickly, to prevent the possible spread of the malicious software. Devices with old apps and old operating systems should be segregated from the network if they cannot be replaced. Also, your security team should regularly review user permissions and privileges to minimise the number of system admins. It is also a valuable exercise to test your backup and restore processes.

Malware infection response steps

If a device becomes infected by malicious software, then you should take these six steps:

  1. Turn off Wi-Fi and disconnect network cables
  2. Replace disk drives and reinstall the operating system
  3. Download/update the OS and other software from an uninfected network
  4. Install, update, and run your antivirus software
  5. Reconnect the device to your organisation’s network
  6. Monitor network traffic and perform antivirus scans to determine if an infection remains

Our final piece of advice is not to attempt to decrypt your data using unknown tools from unknown security professionals. In most, but not all cases, it is impossible to decrypt data encrypted by ransomware.

Mitigating malware attacks is a complex process, and not all companies will have the internal resources to put adequate protections in place. Omni Cyber Security is ready to help organisations of all sizes put in place robust anti-malware processes.

Cybersecurity steps for your business

When planning and implementing practices for cybersecurity within your business, there are some things to consider. So, if you are looking for advice on cybersecurity and want to know where to start, read on.

The main considerations for cybersecurity

Your company must maintain the safety of the data you hold. Because of this, it is essential to plan and monitor the effectiveness of security policies and practices. Here we break down the steps you can take for cybersecurity.

1. Risk management

Your company has various systems and technology that are in use daily. These help you achieve your business goals, but they also need assessing for risks. You have to evaluate potential security risks such as:

A risk management policy identifies the potential consequences of a security breach. Once you know how a problem is going to affect your business, you can plan how to prevent it. Policies need to be clear and concise. All users in the company have to be aware of how they fit into the security strategy.

2. Mobile and off-site working

It can be beneficial for employees to work off-site or at home, but it does carry risks. Any cybersecurity policies you put into place have to take these types of mobile workers into consideration. By not taking the proper precautions to protect off-site access, you could be vulnerable to:

  • Loss of devices
  • Password or user access login theft
  • Malware or tampering of off-site equipment

Employees who work from home or on a mobile basis require training on data protection. Educate all employees on mobile working policies. Include aspects such as not leaving laptops, phones, or tablets unattended. Avoiding use in public spaces helps prevent anyone from looking over the employee’s shoulder to gain access to company data.

3. User privileges

Employees have access to essential data for the completion of their duties. Allowing staff to have extensive system access can have potential issues. If there is a compromise of an employee account, a data breach is more severe as a result.

To avoid potential misuse of account privileges you can:

  • Implement account management processes
  • Set a password guidance policy
  • Limit user access to privileged information
  • Limit the number of people who can access sensitive information

Actively monitor systems to make sure that access remains with those who need it. Only employees at the appropriate level should be able to access confidential information or restricted areas of the corporate network. Make sure that all employees know what is acceptable and what is not.

4. Secure your corporate network

Your business network needs protection from possible security breaches. The company network and any other systems it connects to need to form part of your cybersecurity protocols. Some steps for business network protection include:

  • Firewalls
  • Malware checking
  • Internal network protection
  • Secure wireless access

Firewalls can create a protective barrier between your company network and the internet. Malware checkers and antivirus software can help protect corporate data systems.

Limit connections between your internal network and external systems, such as the internet. Segregate the internal network into segments, so that if one segment suffers a breach, it can be isolated easily. Monitor your network and educate all users about activities that can cause problems.

5. Educate users

It is vital that all employees fully understand the risks your business faces concerning cybersecurity. 

Technology and systems are the way your staff do their jobs, but they must also keep the business secure. Managing data risks starts with your employees. You have to consider procedures for external attacks but also any internal breach policies. Managing data risks concerning employees can include:

  • Create a user policy – security policies cover your business, but you also need one for employees. Procedures are relevant to each department. Keep the wording simple so that everyone fully understands the user’s security policy.
  • Induction process – set an induction process for all new employees. All security policies and individual responsibilities are part of this. It must cover third parties or contractors but also consequences for non-compliance.
  • Monitoring – continual evaluation of user training identifies possible issues and improvements. Make sure there are plenty of opportunities for employees to discuss the practices and feel able to ask about anything unclear.

Your employees are present in all parts of your business, so you want them to report any issues. Empowering your staff to highlight problems without recrimination is an excellent tool. Personnel will more likely bring items to attention and so help avoid a more significant issue.

If your business needs help with cybersecurity, contact the OmniCyber team today.