Cyber Security Landscape in 2022

Cyber Security Landscape banner

The past few years have been a rollercoaster of change for the security landscape. The global pandemic caught many companies off guard due to how fast they needed to adapt to a remote work environment. This allowed threat actors to use a variety of attacks, old and new, to exploit vulnerabilities in security during their transition. However, now that we are slowly emerging from the global pandemic and slowly are slowly returning to the office, can we still say the threat landscape is the same or is there a new trend slowly emerging?

Now that we have passed the halfway point of 2022, it would be a good time to reflect and understand the current threat landscape to better prepare for the end of 2022 and the years after. Let’s take a look at the data provided by Trend Micro’s latest cybersecurity report for the midyear of 2022.

MaaS and RaaS on the Rise

Earlier this year, we saw the rise of malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS). MaaS was propagated through the use of the EMOTET infrastructure that made it easier to distribute. This shows that even if EMOTET was dismantled in 2021, threat actors still use it to deploy other ransomware families to EMOTET-compromised systems.

EMOTET Attack Structure

According to Trend Micro data from its Smart Protection Network (SPN) platform, EMOTET detections have soared in the first six months of 2022. The number of detections in 1H 2021 was recorded at 13,811 while in 1H 2022 it has jumped to 148,701.

RaaS on the other hand, has grown due to it’s ease of use. RaaS is available to any would be criminal organization who can either purchase the infrastructure outright or can rent it out. It also does not need any technical knowledge to run a sophisticated attack which makes it even simpler to use. Trend Micro has detected that there are around 57 active RaaS and extortion groups and almost 1,205 victim organizations based on data they have collected throughout the 1H of 2022. They use mostly ransomware such as Lockbit, Conti, and BlackCat which has been detected from Trend’s SPN network.

Cloud Misconfiguration and Cryptocurrency-mining

Cloud-based containers have become integral into the digital transformation strategies of many organizations. However, due to its tendency to be misconfigured, it has become a big target for threat actors. According to a survey from Red Hat in May 2022, out of 300 participants who took the survey, 53% of them have answered that they have detected a misconfiguration in their containers and/or Kubernetes deployment. An independent investigation from Trend into Kubernetes clusters has shown that there are over 243,000 exposed clusters via Shodan that can be seen publicly. Some of these nodes, around 600, came back with a “200 – OK” notification, meaning attackers are free to exploit them and install and run malicious programs on the kubelet API.

Another emerging threat to come recently has been threat actors who steal cyptocurrency mining capabilities from their victims’ resources. There have been five prominent threat actor groups that Trend Micro has been able to identify.

  1. Outlaw – Primarily targets internet-of-things (IoT) devices and Linux cloud servers by exploiting known vulnerabilities or performing brute-force Secure Shell Protocol (SSH) attacks.
  2. TeamTNT – One of the most technically proficient threat actors focused on cryptocurrency mining.
  3. Kinsing – Known for quickly abusing new exploits (including the Log4Shell vulnerability) in a short period.
  4. 8220 – Known for exploiting Oracle WebLogic vulnerabilities.
  5. Kek Security – a relatively new group that uses sophisticated techniques and integrates new exploits in its attacks.

Threats are always evolving and adapting to situations within the cyberspace. This is why businesses should always work closely with security vendors to be able to stay up to date with the latest security trends. Consulting with partners like us from CT Link or even security solution vendors like Trend Micro is one way to keep ahead of the new threats that may come in the latter part of 2022 and beyond.

To learn more about the latest in the security trends or even to find someone to help improve your current security measures, please email us at marketing@ctlink.com.ph.

Exclusive Workshop: Collaborate and Stay Secure with Microsoft 365 for Business!

When the pandemic hit, businesses all over the world had to scramble and adapt. Many small and medium-size businesses really struggled with these changes and did not know if they would be able to make it through. The “new normal” has demonstrated that in order to thrive, businesses need to invest in developing capabilities in key two areas:

  • Real-time collaboration
  • Security

Real-time collaboration was hard to maintain during the start of the pandemic as many did not have the means to work remotely. Those companies that were unable to adapt to the pandemic were not able to recover their business. As you know, Microsoft Office 365 was able to help many businesses collaborate in real time and keep the user performance high even during those uncertain times.

Security does not fall behind collaboration in terms of importance during the pandemic. The spike in malicious attacks at the start of 2020 caused many businesses to lose important business data. Although some businesses were able to recover, many did not. These attacks also cost businesses significant amount of profit over time as lost business opportunities were hard to recover.

Microsoft Office 365 Business Premium Workshop

Even as we are emerging from the pandemic, remote work setups are now more accepted, and we can expect to see it from businesses. Therefore, we should keep finding ways to improve the business processes with better and innovative ways. This is why we at CT Link are partnering with Crayon Philippines to create an exclusive workshop for some of our customers to learn more about the benefits of Office 365. With better real-time collaboration and security features, this workshop aims to show you how you can keep improving despite the ever-changing IT landscape.

Interested in learning how you can attend our next exclusive workshops? Inquire at marketing@ctlink.com.ph to learn more!

3 Cloud Security Issues You Can Encounter

What are some cloud security issues you can encounter?

  1. Misconfiguration of settings
  2. Endpoint user error
  3. Cyber threats

Due to the flexibility, scalability, and mobility that cloud platforms give, numerous companies are migrating their workloads from on-premises data centers. Cloud providers invest a huge amount of money in research and development to implement better security than what a business can do on its own. But if your organization is migrating to the cloud for the first time, there might be some cloud security issues you might encounter. Read on to learn more.

Misconfiguration Of Settings

The most common cause of cloud data breaches is misconfiguration of the security settings on the user’s part. No matter how secure the cloud platform is, the risk of cyber attacks will be there if it is not utilized correctly.

If your cloud security settings are not configured properly, you’re exposing data to the internet without the use of sophisticated techniques and tools. Any stored information like email addresses or sensitive information may potentially be used for social engineering cyber attacks. In the worst case, your important applications can also be modified or deleted. But fortunately, this security issue is preventable as long as you take the time and effort to secure the platform.

For example, one of the common mistakes for first-time users is using weak passwords. These can easily be guessed or stolen by attackers. To prevent sensitive information from leaking, you might want to take a zero-trust approach to cloud security by using best cybersecurity practices. This means that you will treat all access requests, even ones coming from your employees, as malicious.

Your organization can set up multi-factor authentication processes to put an extra layer of security. Aside from a username and a password, people who need to access your data need to provide other factors to prove their identity.

Other than that, they can also use Trend Micro Cloud One, which continuously monitors and alerts you for misconfigurations so you can remove vulnerabilities and have a better-secured cloud platform.

Endpoint User Error

Your staff might make careless mistakes because they don’t have the training on how to protect company information. This can put your data or systems at risk. For example, if you’re implementing Bring-Your-Own-Device policies so your employees can use their own gadgets for work, there might be some security risks you need to know.

With BYOD, your employees can use their computers to do tasks related to business. But at the same time, they can also access URLs or use applications for personal use. Aside from these, some employees may also skip software and device updates because they can take too long to install. This can increase the chances of introducing malware to their device, leading to breaches and loss of data.

Aside from staff training, you need to use the right IT tools to protect your company data from vulnerabilities. For example, Citrix has the Endpoint Management solution which allows you to protect corporate data regardless of where it is accessed. It also provides automatic updates so your workers will have access to new features and bugs will be fixed promptly. Citrix also offers a URL filtering feature so you can restrict and allow access to specific web pages.

Cyberthreats

Concerning endpoint user error, untrained employees are also more vulnerable to social engineering attacks that can put your cloud data at risk and affect your ability to perform business processes. Some examples include phishing and a DDoS attack, which are threats that could also occur not just on the cloud but also on-premise. The advantage of using a public cloud is you will have access to resources that could prevent these problems—which can be expensive when implemented on-premise.

One of the ways you can lose data is through phishing attacks. A hacker will create fake emails and websites to get your employees to click on malicious links, or solicit sensitive company information. Fortunately, you can prevent this problem with Trend Micro’s Email Security Solution. This software examines the authenticity of the email sender and analyzes email content to protect against phishing attacks.

Another security concern that an organization can face when moving to a cloud is a Distributed Denial Of Service (DDoS) attack. This occurs when an attacker overloads or exhausts an application’s resources, making it unavailable to users. This can cause downtime for your business, lead to productivity losses, and make your data more vulnerable to hackers.

Solutions like Microsoft Azure offer infrastructure DDoS protection to their users. It has a traffic monitoring feature to look for indicators of an attack 24/7 and mitigate it if it happens. You will also get detailed reports and summaries after the attack to help your team analyze the incident.

Key Takeaway

If your organization is migrating to the cloud for the first time, there might be some cloud security issues you might encounter. But with the right security solutions, you can prevent these problems.

Make sure that your IT team configures the settings properly to maximize the security features your cloud provider offers. To improve access control, you can also implement a zero-trust approach to security and multi-factor authentication. Other than that, staff training is also a must.

If you need help choosing the right cloud solutions for your organization, you can contact CT Link!

Cloud One: A Trend Micro Solution for Cloud Builders

With cloud technology advancements, more businesses are now connecting to the cloud to solve their IT needs.  This is why the cloud infrastructure services market is now filled with different vendors, this has also caused many stakeholders to become involved in these infrastructure decisions.  This has made cloud security even tougher.  To be able to maximize the benefits of the cloud, you need to be able to balance both your business objectives and cloud security to ensure the least amount of complexity.

Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity.

Cloud One will be able to help provide you by providing a powerful security which leaves you leverage to take the benefits and efficiencies that the cloud has to offer to your business.  Being designed with multiple services to make sure that specific cloud security needs are addressed, Cloud one gives you the leg room you need to solve your present challenges while still being able to help you with future cloud needs.

With support for all major cloud platforms, and solutions that integrate directly into your DevOps processes and toolchain, Cloud One is designed to provide the flexibility you need without slowing down your business or application delivery.

Benefits of Cloud One

Automated

Security as code lets your DevOps teams bake security into their build pipeline to release continuously and frequently. With built-in automation, including automated discovery and deployment, quick-start templates, and our Automation Center, secure your environment and meet compliance requirements quickly.

Flexible

Builder’s choice. Security for your hybrid cloud, multi-cloud, and multi-service environments, as well as protection for any vintage of application delivery—with broad platform support.

All-in-One Solution

One platform that has the breadth, depth, and innovation required to meet and manage your cloud security needs today, and in the future.


To learn more about Cloud One and other Trend Micro Solutions, you can contact us at 8893 9515 and we would be happy to answer your inquiries!

Cloud Security: The Shared Responsibility Model

Have you ever asked yourself what the biggest threats are in the cloud?  The answer may not be what you’d expect it to be.  Rather than big named malware or cyber attacks, the biggest risk in the cloud happens due to service misconfigurations.  Despite the cloud’s clear operating model, teams continue to make simple mistakes or overlook the simple task of properly configuring the services they use in the cloud.

Security in the Cloud is a shared responsibility as both customer and provider has their respective responsibility, these are usually based on the Shared Responsibility Model.  The model defines which segments each are responsible for.  At a glance, are you doing your part?  Or did you assume it was handled by your provider?

One common misconfiguration misstep comes from pre-configured deployment services.  Most misunderstandings arise from thinking that after being given the configurations that they too will handle update patching and even maintenance of said configuration.  It falls on you the user to do these responsibilities and make sure that your system is safe!

Another common cause of misconfiguration is from human error.  As per our nature, we are bound to make errors along the way when working even if we take as much precaution as we can.  This is where automation can help make sure that these errors don’t occur.  Let’s say the operating system your team uses for your systems has a new patch that needs to be deployed. Instead of someone patching each of the production virtual machines, that team member should patch the original template of the virtual machines and a build system should redeploy production.

For safety measures as well, it is always in best practice to verify that your providers are doing their part in keeping you secure.  This is not to say that your provider is not doing their job, usually the 3 big cloud providers have an overwhelming amount audit evidence you can browse, its always just better to keep the habit of counter checking when security is involved.


Interested in learning more about our Cloud Security Solutions?  Contact us at 8893-9515 and we would be happy to answer your inquiries!

Office 365 Update to Help Protect you from Macro Based Malware

We are now in an era where it’s hard not to make use of new technologies such as Cloud Storage.  With your data available anywhere you are through the connection of the internet, this has helped many businesses become more flexible in their operations.  However, we are always skeptical on how safe our data is since our data is stored somewhere we do not know and if these locations are secure from cyber criminals.

Now if you are an Office 365 user, you can rest easy as they have just recently announced that they are now integrating their Antimalware Scan Interface (AMSI) to the app!  AMSI was integrated to Office 365 as a way to help improve security against attacks that make use of malicious macros and scripts that target office documents by detecting them early on or by stopping them from executing.  Below is a quote from the Microsoft Security Team for their reasoning in bulking up security against macro attacks:

“Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros.”  

If AMSI is familiar to you, it might be because it isn’t something new as it was already being used by Microsoft as early as 2015 when they announced that Powershell adopted it as well for security purposes.  To give a background on AMSI, it is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution. Any application can interface with AMSI and request a scan for any data that may be untrusted or suspicious.

If you want a more in depth read on how AMSI is helping protect you from attacks, you can read the original blog post from the security team here or you can contact us at 893 9515 and we will be happy to help you!

Your Data at Large: Some of the Common Security Pitfalls

With data mobility’s rise, you would expect that security of data would increase as well.  However, many of the controls to mitigate the risk of data exposure still rely on traditional protection.  Direct attacks, simple mistake, and even negligence are still major reasons as why data is lost.  Below are some of the most common examples of common security pitfalls:

  • Loss or destruction of endpoints
  • Using consumer-grade collaboration and file sharing tools
  • Transferring files over insecure media including USB drives
  • Emailing sensitive information to personal email accounts
  • Social engineering (i.e. phishing) – the human factor and malware

These days, we use new IT services built on multiple cloud infrastructures to work in conjunction with the legacy and custom applications (business critical apps) built on-prem, this results in business data sprawled across multiple devices and locations.  This makes the traditional enterprise perimeter almost completely eroded.  The industry’s response has been to solve each gap in security with slew of security products, which each have their own unique policies, capabilities and limitations.  This creates even more complexity in the already complex problem which can do ultimately do more damage than help.

In the global study from Citrix and The Ponemon Institute, they  discovered that:

  • 64 percent of respondents say their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files * with no expiration date)
  • 79 percent of respondents are worried about security breaches involving high-value information
  • 52 percent of respondents do not feel that their security infrastructure facilitates compliance and regulatory enforcement with a centralized approach to controlling, monitoring and reporting of data

That requires a purpose-built architecture, one that is designed and hardened for security from the ground up. Integral to this architecture is the inherent security Citrix provides by:

The solution to the problem?  Control must be given back to IT while delivering security to the business without affecting the users experience.  This type of architecture is inherent in the security Citrix provides by:

  • Centralizing and keeping data off endpoints
  • Containerizing and encrypting data on mobile devices
  • Controlling access to data contextually
  • Using file level access and control (DLP and IRM) for data in motion
  • Partnering with industry leaders to protect data

At the end of the day, people need and want to work efficiently, if we make data sharing onerous it would create more problems rather than help solve them.

To learn more about Citrix products, please visit our product page or call us directly at 893-9515.

CT Link Systems, Inc. joins Security TRENDs 2017!

Enterprises and organizations are facing next-tier, multifaceted threats that are both familiar and uncharted. As the cloud and the Internet of Things (IoT) ecosystem become more interconnected, it is essential for organizations tore-evaluate and redefine their understanding of threats, risks, and solutions in an ever-changing landscape.

With that, organizations and enterprises must ask: what threats should they prepare for? What risks are involved? What processes and procedures should be implemented?

In the face of next-tier threats, businesses must step up their game and LEVEL UP their defence against these threats.

In lieu of this, CT Link Systems, Inc. has joined Trend Micro’s Security TRENDs 2017 Executive Threat Defence Summit as an exhibitor to help educate businesses in the Philippines on the importance of Cyber Security.

To learn more or register to the event, please visit the site Here!

Join Our Upcoming Event Pushstart!

Cloud technology is being used more by many companies due to its operational and economic benefits it can provide to them. This in turn puts more importance into securing your virtualized data centers, cloud deployments and hybrid environments. Leaving any gaps or neglecting any aspect in your security can now expose you and your company to more threats and serious breaches such as ransomware and other malicious attacks.

CT Link Systems, Inc., in partnership with Trend Micro, invites you to attend our upcoming event, Pushstart, to learn more on how you can better secure your company from the growing threats on Cloud platforms such as Microsoft Azure and Amazon Web Services!

Register HERE if you would like to learn more!

 

 

Server Security: Ransomware & Advanced Attacks

Business IT environments are now at bigger risks as more and more malware, such as Ransomware, are becoming more sophisticated.  The results of malware gaining access to your IT environment could lead to as much as disruption of your business operations – mainly your service, productivity, and more importantly – your reputation.  Cyber criminals do this through business process compromise (BPC), halting your access to business critical applications and data which can last for days if not months..

Contrary to common belief that cyber threats are an endpoint issue, ransomware and other advanced attacks are also focused on your servers.  Servers are high value easy targets for cybercriminals due to the combination of readily available infrastructure via the public cloud and the increased speed of application delivery to create competitive advantage.  Server and endpoint security hugely differ in the sense that the applications and operating systems that run enterprise workloads in the data center, in the cloud and even in containers can be extremely dynamic.

Fundamentals DO matter – Patching

As servers are the driving force that pushes any business forward, tasked with housing your most valuable data, it is only natural that cybercriminals would start targeting it – whether it’s on premise or in the cloud.  Cybercriminals will take advantage of vulnerabilities found on your servers. A good example of this is the recent WannaCry Ransomware attack a few weeks ago which leveraged on a Microsoft Windows SMB vulnerability to inject itself onto servers and endpoints.  OS Patching is the best solution to these as to prevent the attack from executing. However, there are many reasons why servers are left unpatched one of which is server downtime.  It is estimated that enterprise firms take an average of 250 days for their IT (205 days for retail businesses) to fix the software flaws in their enterprise applications.

Layered Security

Hybrid Cloud infrastructures are complex, and these complexities can have gaps which can be exploited.  So what can be done to prevent situations such as compromised endpoints accessing a vulnerable file server?  Here is where advanced server security solutions such as Trend Micro Deep Security comes in.  Designed to protect workloads across physical, virtual, cloud and container environments with host-based security to shield servers from a wide range of threats.  With its range of cross generational security techniques, it will be able to enable you to easily:

  • Stop network attacks and shield vulnerable applications & servers, leveraging Intrusion Prevention (IDS/IPS) and firewall techniques;
  • Lock down systems and detect suspicious activity on servers, using techniques like application control and integrity monitoring that have been optimized for the hybrid cloud; and
  • Prevent malware and targeted attacks from successfully infiltrating your servers, leveraging proven anti-malware and advance techniques like behavioral analysis & sandboxing

Learn more about Trend Micro Products from our product page here!

 

Exit mobile version