How to secure endpoints in the age of Remote Working?

Introduction:

In today’s online environment, the fundamental “username and password” approach to account security can be easily breached by cyber criminals. Many log-ins can be compromised in a matter of minutes, and private data, such as personal and financial details, is under increasing threat. Strong web security relies on a variety of tools and policies. It’s important not to rely on any single method for comprehensive protection. Multi-factor Authentication (MFA) adds another layer of account security, supplementing the username and password model with another factor that only the specific user has access to. Whenever possible, users should get into the habit of protecting themselves with the extra layer of security that MFA provides.

MFA: Don’t Let Your Password Be Your Only Defense:

Traditional single-factor authentication systems require users to provide only one verification factor, i.e. the password, to access a system or application. Hackers can easily steal these passwords, and hack into an enterprise system. MFA systems require two or more factors to verify a user’s identity and grant them access to an account. MFA provides reliable assurance that an authorized user is who they say they are, thus minimizing the possibility of unauthorized access. For these reasons, MFA is much more effective at protecting systems compared to passwords.

MFA: Tips & Tricks For Stronger Cybersecurity:

Many cyberattacks involve obtaining account credentials. MFA requires users to provide additional information or credentials to gain access to an account. So, even if an attacker does manage to steal passwords, it’s unlikely that they will also be able to steal or compromise the additional authentication factors required in MFA. That’s why MFA can thwart cybercriminals and successfully combat many types of cyberattacks, such as Phishing, Spear Phishing and Whaling.

An attacker may launch a phishing attack to steal a user’s credentials. But, if the user’s account is protected by MFA, the attacker won’t be able to access it. This is because a phishing email won’t provide the other authentication factors, such as one-time passwords (OTPs) sent to a different device (e.g. a mobile phone), fingerprints, or other biometric factors required to gain access to the system.

In attacks where the attacker tries to trick a user into entering their credentials, certain types of MFA such as WebAuthn require the user to present a YubiKey or fingerprint on the system they’re logging in from. These details cannot be captured by the attacker, thus protecting the system and user.
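The check below is an added example, not code from the original article: it shows the server-side step that ties a WebAuthn login to the genuine site. The browser records the page's origin and the server's challenge in `clientDataJSON`, so a response produced on a look-alike site is rejected. The origin `https://login.example.com`, the helper names and the sample data are assumptions, and signature verification over the authenticator data is out of scope here.

```python
import base64
import json
import secrets

EXPECTED_ORIGIN = "https://login.example.com"  # assumption: the real site's origin


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def browser_client_data(origin: str, challenge: bytes) -> bytes:
    """Constructed sample: the clientDataJSON a browser writes during a login."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,          # filled in by the browser, not by the page
        "crossOrigin": False,
    }).encode("utf-8")


def check_client_data(client_data_json: bytes, expected_challenge: bytes,
                      expected_origin: str = EXPECTED_ORIGIN):
    """Return (ok, reason) for the clientDataJSON part of an assertion."""
    try:
        data = json.loads(client_data_json.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False, "malformed clientDataJSON"
    if not isinstance(data, dict):
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    # The challenge is single-use and issued by the server for this login only.
    if data.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch"
    # Exact match only: substring or prefix checks would accept look-alikes.
    if data.get("origin") != expected_origin:
        return False, "origin mismatch"
    return True, "ok"


if __name__ == "__main__":
    challenge = secrets.token_bytes(32)
    for origin in (EXPECTED_ORIGIN, "https://login.example.com.phish.test"):
        print(origin, check_client_data(browser_client_data(origin, challenge), challenge))
```
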

Conclusion:

MFA cannot guarantee foolproof security or stop all cyberattacks. However, it can help protect high-value systems and accounts, secure email access, and limit the usefulness of stolen credentials. Most importantly, MFA adds additional layers of authentication to protect systems and combat many types of cyberattacks. MFA is also critical to achieving Zero Trust, the most reliable cybersecurity approach in the modern cyberthreat landscape.

Major Privacy Updates of the Week

Super Admin elevation bug puts 900,000 MikroTik devices at risk:

A critical severity ‘Super Admin’ privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected.

The flaw, CVE-2023-30799, allows remote attackers with an existing admin account to elevate their privileges to “super-admin” via the device’s Winbox or HTTP interface. A VulnCheck report explains that while CVE-2023-30799 requires an existing admin account to exploit, this is not a low bar to clear.

Decoy Dog - New Breed of Malware posing serious threats to an enterprise network:

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it’s a significant upgrade over the Pupy RAT, an open-source remote access trojan it’s modeled on.

“Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to another controller, allowing them to maintain communication with compromised machines and remain hidden for long periods of time,” Infoblox stated in a report. “Some victims have actively communicated with a Decoy Dog server for over a year.”

New AI Tool FraudGPT emerges, tailored for sophisticated attacks:

Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels.

“This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.,” a Netenrich security researcher stated in a report. The cybersecurity firm said the offering has been circulating since at least July 22, 2023, for a subscription cost of $200 a month (or $1,000 for six months and $1,700 for a year).

Fenix Cybercrime Group Poses as Tax Authorities to Target Latin American Users:

Tax-paying individuals in Mexico and Chile have been targeted by a Mexico-based cybercrime group that goes by the name Fenix to breach targeted networks and steal valuable data. A key hallmark of the operation entails cloning official portals of the Servicio de Administración Tributaria (SAT) in Mexico and the Servicio de Impuestos Internos (SII) in Chile and redirecting potential victims to those sites. These fake websites prompt users to download a supposed security tool, claiming it will enhance their portal navigation safety. However, unbeknownst to the victims, this download actually installs the initial stage of malware, ultimately enabling the theft of sensitive information such as credentials.

Banking Sector Targeted in Open-Source Software Supply Chain Attacks:

Cybersecurity researchers said they have discovered what they say are the first open-source software supply chain attacks specifically targeting the banking sector. These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to them.

The attackers employed deceptive tactics such as creating a fake LinkedIn profile to appear credible and customized command-and-control (C2) centers for each target, exploiting legitimate services for illicit activities.