Basefarm Blog

MALWARE IS SO 2017: FIVE SECURITY TRENDS TO WATCH OUT FOR

“Security and risk management leaders have operated in the shadows for a long time. Now it’s their opportunity to shine,” said Peter Firstbrook, research vice president at Gartner. “If they exploit emerging trends and build a strong security program, they can keep their organization safe and significantly elevate their standing.”

Remember when several massive ransomware attacks went global and hit many big businesses? Outbreaks such as Petya and WannaCry really put the malware threat on the IT agenda and made cybersecurity a priority for everyone. But it doesn’t stop with malware: there are many more security threats out there. The attackers’ arsenal is expanding and becoming more complex. Fredrik Svantes, Senior Information Security Manager at Basefarm, discussed with us the latest developments that keep the cybersecurity community busy.

1. Use of standard tools by attackers

Many companies have become much more aware of the need to be more secure. Greater cybersecurity efforts have made it harder for attackers to remain undetected while they are within their target’s network. In its recent annual report, the Dutch national intelligence agency AIVD reports an increase in the use of standard tools for attacks, some from nations dabbling in digital espionage. Fredrik Svantes sees this happening more and more: “Attackers don’t want to get caught while stealing valuable data. High-profile targets deploy many security systems, malware detection systems for example. If attackers use specific “hacker tools” in their reconnaissance phase, this will raise a red flag. So, they opt for standard Windows tools, like Microsoft PowerShell, to look around in the network.”

2. Big data becomes a security system

How do you keep out attackers who use standard tools? Basically, this comes down to establishing a baseline for how employees use their systems. This is where big data analytics comes into the picture, as it can help detect anomalies. “For instance, technicians will have certain work routines, while people in the finance department have a different workflow. When suddenly someone in the finance department opens PowerShell, this is not standard behavior. This will trigger warning signals even though it just happens to be a standard Windows application.” Users facing high security risks in particular, such as governments and companies with significant volumes of IP or critical data to protect, rely on big data for security. Svantes: “Facebook does so for sure.”
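The baseline-and-deviation logic that sections 1 and 2 describe, as an added example (not code from the article or from Basefarm): it learns which executables each department normally starts from constructed process-creation log lines, then flags a finance user starting PowerShell while the same event from a technician stays quiet. The log format, the `dept` enrichment field and the `LOLBINS` list are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed process-creation log lines (Windows 4688 / Sysmon event 1 style, simplified).
# The dept field is assumed to be added by an enrichment step (e.g. an AD/HR lookup).
HISTORY = r"""
2018-04-02T08:01:10 user=anna dept=tech image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2018-04-02T08:03:41 user=anna dept=tech image=C:\Windows\System32\cmd.exe
2018-04-02T08:10:00 user=bjorn dept=tech image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2018-04-02T09:00:12 user=carla dept=finance image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
2018-04-02T09:05:30 user=carla dept=finance image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
""".strip().splitlines()

TODAY = r"""
2018-05-02T09:12:03 user=carla dept=finance image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
2018-05-02T09:14:47 user=dan dept=finance image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2018-05-02T09:20:00 user=anna dept=tech image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) dept=(?P<dept>\S+) image=(?P<image>.+)$")

# Built-in admin tooling that attackers prefer precisely because it is not "hacker tooling".
LOLBINS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wmic.exe", "psexec.exe"}

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Keep only the executable name, whichever path separator the log used.
    ev["proc"] = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ev

def build_baseline(lines):
    """Map each department to the set of executables its users normally start."""
    baseline = defaultdict(set)
    for ev in filter(None, map(parse, lines)):
        baseline[ev["dept"]].add(ev["proc"])
    return baseline

def detect(baseline, lines):
    """Flag executables outside the department's baseline; built-in admin tools rank high."""
    alerts = []
    for ev in filter(None, map(parse, lines)):
        if ev["proc"] not in baseline.get(ev["dept"], set()):
            severity = "high" if ev["proc"] in LOLBINS else "low"
            alerts.append((ev["ts"], ev["user"], ev["dept"], ev["proc"], severity))
    return alerts
```

In production the baseline would be built over weeks of data and keyed on more than department, but the shape of the check stays the same.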

3. Security professionals are hard to find

Organizations looking to hire security professionals find themselves competing in a fierce market. “If you need security personnel in about a year, you’d better start recruiting them now,” says Svantes. “You can’t start recruiting just three months before an important project.” Although the situation might be improving, with several top European universities introducing security education programs, right now the lack of experts is a huge problem. For most companies, the best immediate bet is to look for external partners who can help to secure their IT. “Not every company needs a team of security professionals, but what everyone does need is people who are security aware. For example, developers should have security in the back of their minds while working on their projects.”

4. Your servers turn into secret bitcoin miners

Regardless of the market you operate in, an emerging trend is criminals using compromised servers for crypto mining, which requires large amounts of computing power. “To have a single server mining for cryptocurrency is not very efficient, but it adds up when you have thousands of compromised servers working for you. Because crypto mining networks use substantial resources, the increase of resource usage can often set off alarm bells if proper detection measures are in place.” How can attackers be kept out? Most importantly, make sure your systems are up to date. Don’t leave things unpatched or run old versions of software. And of course: don’t click on everything you see. Attackers still see e-mail scams as an attractive “way in”.

5. A shift from prevention to detection

“It’s one thing to try to protect your company, but there is no way to be 100% protected,” Svantes states. “The past couple of years have witnessed a strong focus on preventing attacks from happening. But now, many companies are waking up to the fact that they can only prevent so much. What they can do, however, is try to detect intrusions as soon as they happen.” In a world of changing threats and compute-everywhere environments, the old security paradigm of just building bigger walls will be replaced by a continuum from block to allow. Machine learning is becoming the key technology for predicting, detecting and preventing known and unknown threats. According to Gartner, deploying threat detection and response tools is a top priority for Chief Information Security Officers (CISOs). These investments can make a big difference. A recent report published by the US Ponemon Institute calculates that when an intrusion is found in less than 100 days, the average cost is $2.8 million. When detection takes longer than 100 days, the expense jumps to $3.8 million.

Want more information?

Read more about our emphasis on security here, our security standards here and our security services here!


0-days in Microsoft exchange servers

March 3, 2021, in Security blog, by Rebecca Mybrand

Published: 2021-03-02. CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. “Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to […]


Centreon IT monitoring software and Russian Sandworm hackers

February 16, 2021, in Security blog, by Hans-Petter Fjeld

Basefarm has become aware of published news telling of Russian-accredited advanced persistent threat actors, given the name Sandworm, having exploited Centreon IT monitoring software. Basefarm is aware that some news reports mention Orange on the customer list of Centreon and, while Basefarm is owned by Orange Business Services, we would like to make it […]


Microsoft Windows Multiple Security Updates Affecting TCP/IP | CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

February 10, 2021, in Vulnerability bulletin, by Hans-Petter Fjeld

Published: 2021-02-09. MITRE CVE-2021-24074, MITRE CVE-2021-24094, MITRE CVE-2021-24086. “Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the […]


Don’t get caught in the cold with ransomware

February 8, 2021, in Security blog, by Hans-Petter Fjeld

Ransomware is sadly the trend these days. We want to share a cheap and effective way to enable prevention that most probably fail to consider. Using the ransomware simulator from KnowBe4, RanSim, we could see that our endpoints previously did no prevention. An easy way to minimize the attack surface for ransomware is to use […]


CVE-2021-3156 | Heap-Based Buffer Overflow in Sudo

January 27, 2021, in Vulnerability bulletin, by Hans-Petter Fjeld

Published: 2021-01-26. MITRE CVE-2021-3156. “The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.” This is especially bad for multi-user environments where some users have login access, but […]


SolarWinds Supply Chain Attack to Compromise Victims With SUNBURST Backdoor

December 16, 2020, in Security blog, by Hans-Petter Fjeld

There is an ongoing news story concerning SolarWinds and a supply chain attack used by an advanced threat actor to compromise victims with a rather advanced backdoor. Basefarm does not use the affected product, but is aware of at least one of our customers who does. We are working with the customer in question to mitigate […]


CVE-2020-17095 | Windows Hyper-V Remote Code Execution Vulnerability

December 11, 2020, in Vulnerability bulletin, by Hans-Petter Fjeld

Published: 2020-12-08. MITRE CVE-2020-17095. “A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to […]


NSA publishes advisory on 25 vulnerabilities used by Chinese state sponsored hackers

October 23, 2020, in Basefarm SIRT, Security blog, SIRT, by Raymond Aarseth

The National Security Agency in the United States recently released an advisory warning of the threat of Chinese state-sponsored attacks and detailed 25 vulnerabilities used. The advisory gives detailed information about the vulnerabilities, what they affect and how to remediate them. Most of them are remotely exploited and can be used to gain initial […]


CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability

October 14, 2020, in Vulnerability bulletin, by Hans-Petter Fjeld

Published: 2020-10-13. MITRE CVE-2020-16891. “A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.” This is especially bad for “hotel” environments with multiple different tenants that should not be able to influence each other, but it is also bad […]


CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability

October 14, 2020, in Vulnerability bulletin, by Hans-Petter Fjeld

Published: 2020-10-13. MITRE CVE-2020-16898. “A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets.” This vulnerability affects Windows 10, Server 2019 and Server Core versions (see the full Security Advisory for proper details). It can be mitigated by disabling a network feature or blocking ICMPv6 Router Advertisement packets. Basefarm and […]
