Preparing Your Cyber Security in the Philippines for 2023


Businesses in the Philippines are facing an increasingly challenging prospect when it comes to cyber security. As the past few years have shown, cyber criminals don’t discriminate when choosing targets: SMBs and enterprises are both fair game for cyber attacks and data breaches. This is why businesses of all sizes should properly consider their cyber security solutions for 2023 and beyond. However, this is not an easy task, as threats and trends are always changing due to the fast-paced nature of technology. Many businesses end up not knowing where to start or whether the solutions they are looking into are cost-effective.

To help businesses in 2023, we would like to talk in depth about the preparations and expectations that cyber security plans should include this year.

Four Major Threats to Cyber Security in the Philippines

There are many forms of cyber attacks that have happened in the past few years. The four most frequent attacks have been the following:

  • Business Email Compromise (BEC)
  • Ransomware
  • Password Compromise
  • Account Takeover

Any form of cyber attack can cost a business a fortune, whether it’s an SMB or an enterprise, if not handled correctly. This does not even consider the reputational damage and downtime a business can face once the attack is known to the public. The sad reality is that there is no fool-proof solution that can ensure that your company will never experience a breach. However, there are ways to minimize the chance of it occurring or the impact of the attack on your business.

Cyber Security Measures: Preparing an Incident Response Plan

One of the best defenses for your business that many cyber security experts recommend is to create and test an incident response plan. Knowing how to respond to certain security situations will help speed up the response time when an attack happens. Businesses should formalize their plan and run practical tests so their team can better handle the different security incidents that can happen. Incident response planning offers the added benefit of giving your team insight into where the gaps in your security systems may be, helping you know where to improve security to prevent attacks from happening.

Investing in Cyber Security Safeguards

In addition to having an incident response plan, investing in cost-effective security solutions can help reduce the need to put your plans into action. Below are a few tools that businesses should look at to improve their cyber security this coming 2023:

Multifactor Authentication (MFA) – Prevent intrusions via stolen, phished or compromised credentials through verification methods that prove the user’s identity. This can include methods such as two-factor authentication, biometrics, SMS OTP, etc. According to Microsoft, using the extra authentication method can foil almost 99% of account-based cyberattacks.

Email Security – Investing in good email security goes a long way in today’s security environment. Many of the hardest-hitting cyber attacks, like ransomware and BEC, are email-based.

Backup and Recovery – Backing up business data is very important, especially in the ransomware era. There are many options your company can take when investing in backup solutions. Both on-prem and cloud solutions have their pros and cons, but both work to your company’s benefit.

Endpoint Detection and Response (EDR) – EDR can help businesses detect threats that have evaded other security solutions that are in place. It allows for quicker response time to prevent major damage to your system while also lessening the burden of pressure on your security team with alerts mapped to the MITRE ATT&CK framework.

You may read more about the different preparations your business can take here. You may also consult with us directly by contacting us at marketing@www.ctlink.com.ph.

Phishing Evolving: Learning About Modern Evasion Methods

Email has been a staple of communication ever since it was introduced. Businesses are constantly trying to keep their email security updated to avoid attacks and data leaks. However, attacks like phishing are constantly evolving to evade email security technology. From emails that try to fool users into clicking links to emails that exploit vulnerabilities, attackers are mixing and combining methods to improve their chances of getting into your network. This is why it is important not only to update your security, but also to educate your users.

Below are a few of these methods that are being used in the online environment that you and your users should be aware of:

Favicon Evasion

The first phishing evasion method affects the favicon, the icon shown on the browser tab. If you look carefully at some links that ask you to log in to your account, there are some inconsistencies. The left image and right image are similar but have major differences. This is done on purpose to evade detection by email security: the left image has different color patterns than the actual Microsoft logo.

Phishing evasion methods Favicon

Logo Evasion

Attackers also apply small differences to the logos they use on the login link. The left image uses a similar font and is in bold. As with the Favicon Evasion method, this is meant to cause errors in template matching and increase the chance of being missed by phishing detection engines.

Logo

Form Evasion

When looking inside the sign-in link (the HTML code), we might see some things that look suspicious. Some detection engines look for form elements in the code, so attackers use <div> tags instead to build a page that looks exactly the same.

Phishing evasion methods Form

Suspicious Text in Images

Some detection engines scan for fields that ask for a user’s password, such as “enter password”, and then investigate whether the site is legitimate. Attackers try to bypass this by using an image of the text “enter password” instead of the text itself.

Phishing evasion methods Suspicious Text

Input Field in Disguise

Another technique that phishing detection engines may use is scanning the HTML for input fields, indicating that this might be a credential theft attempt. In this attack, attackers hide an input field by creating an empty div with a background image showing the word password. This is another way attackers evade detection from email security solutions.

Input Field
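Form Evasion, Suspicious Text in Images and Input Field in Disguise each remove something that a tag- or text-matching rule relies on. The following is an added example, not code from the original article or from any vendor's detection engine: a structural check that notices what is missing and flags the page for rendered or OCR-based inspection. The word list, rule names and sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Wording a text-matching engine would look for (assumed list, not from the article).
CRED_WORDS = re.compile(r"pass\s?word|sign\s?in|log\s?in", re.I)
BG_IMAGE = re.compile(r"background(?:-image)?\s*:[^;]*url\(", re.I)
VOID = {"img", "input", "br", "hr", "meta", "link"}
LABEL_ATTRS = ("placeholder", "aria-label", "alt", "title", "value")
NON_TYPING = ("hidden", "submit", "button", "checkbox", "radio")


class LoginSurfaceScanner(HTMLParser):
    """Collects the structural facts that the three DOM-level evasions change."""

    def __init__(self):
        super().__init__()
        self.forms = self.password_inputs = self.typing_inputs = self.images = 0
        self.text = []            # visible text plus label-like attribute values
        self.bg_only_blocks = 0   # empty elements painted with a background image
        self._open = []           # [tag, has_bg_image, has_content] per open element
        self._hidden = 0          # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self.text += [a[k] for k in LABEL_ATTRS if k in a]
        if tag in ("script", "style"):
            self._hidden += 1
        if tag == "form":
            self.forms += 1
        elif tag == "img":
            self.images += 1
        elif tag == "input":
            kind = a.get("type", "text").lower()
            self.password_inputs += kind == "password"
            self.typing_inputs += kind not in NON_TYPING
        if self._open:
            self._open[-1][2] = True          # the parent now has a child element
        if tag not in VOID:
            self._open.append([tag, bool(BG_IMAGE.search(a.get("style", ""))), False])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1
        if tag not in [entry[0] for entry in self._open]:
            return                             # stray closing tag, ignore it
        while True:                            # also drops unclosed children
            name, has_bg, has_content = self._open.pop()
            if name == tag:
                self.bg_only_blocks += has_bg and not has_content
                return

    def handle_data(self, data):
        if self._hidden or not data.strip():
            return
        self.text.append(data)
        if self._open:
            self._open[-1][2] = True


def assess(html):
    """Return the evasion patterns whose structural footprint is present."""
    s = LoginSurfaceScanner()
    s.feed(html)
    s.close()
    cred_text = bool(CRED_WORDS.search(" ".join(s.text)))
    findings = []
    if cred_text and s.forms == 0 and s.password_inputs == 0:
        findings.append("form-evasion")      # login wording, but no form elements
    if s.typing_inputs and s.images and not cred_text:
        findings.append("text-in-image")     # an input whose label may be a picture
    if s.bg_only_blocks and s.password_inputs == 0:
        findings.append("disguised-input")   # empty block drawn from an image
    return findings


# Constructed sample pages, reduced to the structure each section describes.
LEGIT = """<form action="/session" method="post"><label for="p">Password</label>
<input id="p" type="password" name="p"><button>Sign in</button></form>"""
DIV_FORM = """<div class="box"><div>Sign in</div><div>Enter password</div>
<div class="field"></div><div class="btn">Next</div></div>"""
TEXT_IMAGE = """<form><img src="prompt.png"><input type="text" name="f1">
<button>Next</button></form>"""
BG_FIELD = """<div class="card">
<div style="background-image:url('field.png');height:40px"></div>
<div class="btn">Next</div></div>"""

if __name__ == "__main__":
    for name, page in [("legit", LEGIT), ("div form", DIV_FORM),
                       ("text image", TEXT_IMAGE), ("bg field", BG_FIELD)]:
        print(f"{name:10s} -> {assess(page) or 'no structural finding'}")
```

A finding here is a reason to render the page and inspect it visually, not a verdict: legitimate pages can match, which is why these rules route to further analysis instead of blocking.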

To learn more on email security methods or if you would like to better educate your users, you can consult with us by sending us an email at marketing@www.ctlink.com.ph!

Cyber Security Landscape in 2022

The past few years have been a rollercoaster of change for the security landscape. The global pandemic caught many companies off guard due to how fast they needed to adapt to a remote work environment. This allowed threat actors to use a variety of attacks, old and new, to exploit vulnerabilities in security during their transition. However, now that we are slowly emerging from the global pandemic and slowly returning to the office, can we still say the threat landscape is the same, or is there a new trend emerging?

Now that we have passed the halfway point of 2022, it would be a good time to reflect and understand the current threat landscape to better prepare for the end of 2022 and the years after. Let’s take a look at the data provided by Trend Micro’s latest cybersecurity report for the midyear of 2022.

MaaS and RaaS on the Rise

Earlier this year, we saw the rise of malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS). MaaS was propagated through the use of the EMOTET infrastructure that made it easier to distribute. This shows that even if EMOTET was dismantled in 2021, threat actors still use it to deploy other ransomware families to EMOTET-compromised systems.

EMOTET Attack Structure

According to Trend Micro data from its Smart Protection Network (SPN) platform, EMOTET detections have soared in the first six months of 2022. The number of detections in 1H 2021 was recorded at 13,811 while in 1H 2022 it has jumped to 148,701.

RaaS, on the other hand, has grown due to its ease of use. RaaS is available to any would-be criminal organization, which can either purchase the infrastructure outright or rent it. It also does not need any technical knowledge to run a sophisticated attack, which makes it even simpler to use. Trend Micro has detected that there are around 57 active RaaS and extortion groups and almost 1,205 victim organizations based on data they have collected throughout 1H 2022. These groups mostly use ransomware such as Lockbit, Conti, and BlackCat, which have been detected through Trend’s SPN network.

Cloud Misconfiguration and Cryptocurrency-mining

Cloud-based containers have become integral to the digital transformation strategies of many organizations. However, due to their tendency to be misconfigured, they have become a big target for threat actors. According to a survey from Red Hat in May 2022, 53% of the 300 participants answered that they had detected a misconfiguration in their containers and/or Kubernetes deployment. An independent investigation from Trend into Kubernetes clusters has shown that there are over 243,000 exposed clusters that can be seen publicly via Shodan. Some of these nodes, around 600, came back with a “200 – OK” notification, meaning attackers are free to exploit them and install and run malicious programs on the kubelet API.

Another recently emerging threat comes from threat actors who steal their victims’ resources to mine cryptocurrency. There have been five prominent threat actor groups that Trend Micro has been able to identify.

  1. Outlaw – Primarily targets internet-of-things (IoT) devices and Linux cloud servers by exploiting known vulnerabilities or performing brute-force Secure Shell Protocol (SSH) attacks.
  2. TeamTNT – One of the most technically proficient threat actors focused on cryptocurrency mining.
  3. Kinsing – Known for quickly abusing new exploits (including the Log4Shell vulnerability) in a short period.
  4. 8220 – Known for exploiting Oracle WebLogic vulnerabilities.
  5. Kek Security – A relatively new group that uses sophisticated techniques and integrates new exploits in its attacks.

Threats are always evolving and adapting to situations within the cyberspace. This is why businesses should always work closely with security vendors to be able to stay up to date with the latest security trends. Consulting with partners like us from CT Link or even security solution vendors like Trend Micro is one way to keep ahead of the new threats that may come in the latter part of 2022 and beyond.

To learn more about the latest in the security trends or even to find someone to help improve your current security measures, please email us at marketing@www.ctlink.com.ph.

Exclusive Workshop: Collaborate and Stay Secure with Microsoft 365 for Business!

When the pandemic hit, businesses all over the world had to scramble and adapt. Many small and medium-size businesses really struggled with these changes and did not know if they would be able to make it through. The “new normal” has demonstrated that in order to thrive, businesses need to invest in developing capabilities in two key areas:

  • Real-time collaboration
  • Security

Real-time collaboration was hard to maintain during the start of the pandemic as many did not have the means to work remotely. Those companies that were unable to adapt to the pandemic were not able to recover their business. As you know, Microsoft Office 365 was able to help many businesses collaborate in real time and keep the user performance high even during those uncertain times.

Security does not fall behind collaboration in terms of importance during the pandemic. The spike in malicious attacks at the start of 2020 caused many businesses to lose important business data. Although some businesses were able to recover, many did not. These attacks also cost businesses a significant amount of profit over time, as lost business opportunities were hard to recover.

Microsoft Office 365 Business Premium Workshop

Even as we are emerging from the pandemic, remote work setups are now more accepted, and we can expect to see it from businesses. Therefore, we should keep finding ways to improve the business processes with better and innovative ways. This is why we at CT Link are partnering with Crayon Philippines to create an exclusive workshop for some of our customers to learn more about the benefits of Office 365. With better real-time collaboration and security features, this workshop aims to show you how you can keep improving despite the ever-changing IT landscape.

Interested in learning how you can attend our next exclusive workshops? Inquire at marketing@www.ctlink.com.ph to learn more!

Office 365 Tips for Improving Data Security

Microsoft Office 365 has become one of the most widely used collaboration tools for many businesses around the world. This is due to the familiarity, convenience, and functionality that the platform gives its users. The pandemic made it even more apparent when businesses had to close their offices and remote work was enforced globally. However, cyber criminals are aware of this and are actively looking for ways to exploit user ignorance for their gain.

Below are a few security tips to help you and your company improve your Office 365 security:

Enable Device Protection

Users of Office 365 will agree that one of the best features it has is its mobility. Being able to access your files, collaborate with others, and check business emails on any device is incredibly convenient. However, this can lead to security risks in the long run if devices are not properly secured.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It helps your organization properly manage and secure your users’ devices, whether or not they are using company devices or using their personal devices (BYOD). One example of its capabilities is preventing emails from being sent to people outside your organization. It also allows your corporate data to be secured even if they are on a personal device, keeping it isolated from personal data.

Microsoft Intune Capabilities

  • Option to be purely cloud or co-managed with configuration manager and Intune.
  • Customize rules for both personal and organization-owned devices when accessing corporate data and networks.
  • Protect your company information by controlling the way users access and share information.
  • Ensure security compliance for all devices and apps

Set up Email Security

Attackers usually take the path of least resistance when targeting your network which is usually your users. Phishing attacks have gone up since the pandemic since users are more vulnerable outside your network. Making use of the default Office 365 anti-phishing capabilities can help your company monitor and block known campaigns to lessen the risk of a breach. These functions can be enabled through the Microsoft Defender in the settings window.

If your company would like a complete email security solution for your Office 365 defense, Trend Micro Email Security for Office 365 can help. The Trend Micro solution uses an optimum blend of cross-generational threat techniques, like machine learning, sandbox analysis, data loss prevention (DLP), and other methods to stop all types of email threats.

Trend Micro Email Security Capabilities

  • Stops phishing and spam by examining email senders, analyzing email content and malicious URL
  • Protects against BEC by examining email behavior while allowing you to define priority users for BEC protection
  • Detects and blocks advanced threats using machine learning and sandbox analysis

Turn on Multifactor Authentication (MFA)

Enabling the MFA capabilities of Office 365 adds an additional layer of security to avoid data breaches. Verifying each user that requests access lessens the chance that a malicious attacker can get into your network. Office 365 MFA can be enabled for individual accounts or through policies for all users. The individual account option makes users go through authentication on their login, while policy-based MFA can be customized based on the user’s role or permission levels. The policy-based option is not available on all licenses.

RSA SecurID is another option if you are looking to improve your MFA capabilities for Office 365. With a native Office 365 integration, you can better secure your network with a variety of different authentication methods. The below authentication methods are also available whether or not the user has internet access:

  • Hardware tokens
  • Soft tokens through the mobile app
  • Biometrics through the mobile app
  • Tokens received through Email or SMS

For further security, the RSA solution offers machine learning for its authentication solution. However, it is not included in the basic edition.

Contact us at marketing@www.ctlink.com.ph to learn more on how you can better secure your Office 365 suite today!

Security Advisory: Multiple Microsoft Exchange exploits being used by Threat Actor Hafnium

Microsoft has recently announced a security update for a set of new exploits being used primarily by a state-sponsored threat actor based in China, which Microsoft has called Hafnium. The previously unknown exploits used by Hafnium target on-premises Exchange Server software to gain initial access to the network by disguising themselves as someone with access privilege. They then create what is known as a web shell to gain control over the compromised server remotely, making it easy to steal data.

Affected Servers and the Remediation

The exploits used by Hafnium target Microsoft Exchange Servers, so users of Microsoft Exchange Online are not affected. Below are the versions that can be targeted by the exploits:

  • Microsoft Exchange Server 2013 
  • Microsoft Exchange Server 2016 
  • Microsoft Exchange Server 2019

Microsoft highly recommends that businesses with the affected Exchange servers immediately update them with the latest security updates to ensure protection against the exploits. If you are unable to do so immediately for all servers, Microsoft has said that you need to first prioritize external-facing servers, as they are the most vulnerable to these attacks, but ultimately you would need to update them all to stay safe. Listed below are the security patches released by Microsoft for each exploit:

Is it possible to check if I have been already affected by these exploits?

Microsoft has released a detailed guide on ways to check your network logs to see if you have been affected. You may refer to this link if you would like to read more on it.

Protect users from browser-based attacks with Citrix Secure Workspace Access

The way we work has changed. The imposed strict social distancing rules due to the global pandemic, combined with the growing representation of the digital-savvy millennials in the workforce were catalysts in moving organizations forward in their digital transformation journey to increase employee mobility.

However, this shift in workplace culture has increased the security risks brought about by the proliferation of BYO devices of employees that access resources via VPN. When not secured properly, these devices serve as additional entry points for cybercriminals to the organization’s network.

Key challenges in traditional security controls

Mishandling of data and misuse of network access have become a growing concern, increasing the demand for more control and visibility over the users’ granular access to permissions to data.

Threats that may come from malicious websites, such as spoofing web conferencing sites, should be isolated from the corporate network to protect corporate data.

Employees may knowingly (or unknowingly) access restricted websites such as pornographic or social media web pages. The organization must block those attempts to protect its assets.


Addressing these challenges is a big step forward for organizations on their digital transformation journey. Although this is easier said than done, Citrix may have the answer to help you address these challenges.

Citrix Secure Workspace Access

The Citrix Secure Workspace Access service provides a unified experience by integrating single sign-on, remote access, and content inspection into a single solution for an end-to-end Secure Workspace Access. It does this by providing your administrators the ability to:

Configure a workspace to securely add, manage and deliver access to apps from any device

Configure web filtering to allow/block websites that can be accessed by the end-user

Isolate web browsing to protect the corporate network from browser-based attacks with no user device configuration needed

With these, administrators can rapidly roll out secure browsers, providing instant time-to-value. By isolating internet browsing, IT administrators can offer end users safe internet access without compromising enterprise security.

This is only the tip of what Citrix Secure Workspace Access can provide to your organization. If you would like to learn more, you may fill out the form below and we will get back to you as soon as we can!

Security Advisory: Zerologon, a level 10 Critical Vulnerability

A new critical vulnerability in Windows, named Zerologon, was recently discovered. It is so severe that it has been given a Common Vulnerability Scoring System (CVSS) score of 10 out of 10, and Microsoft itself has rated it as a severe vulnerability.

What is Zerologon?

The vulnerability was found in Netlogon, which is the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. The vulnerability in Netlogon allows attackers to:

  • Impersonate the identity of any computer on your network during an authentication attempt on a domain controller
  • Disable security features in the Netlogon authentication process
  • Change a computer’s password on the domain controller’s Active Directory

The only limitation of the vulnerability is that the attack can only be carried out if the threat actors have already gotten into your network.

What can I do?

Firstly, it is highly recommended that you update your Microsoft security to avoid this vulnerability. This is the most important step in making sure that your network is not affected by this critical vulnerability. You can find the Microsoft security advisory CVE-2020-1472 here.

If patching cannot be done immediately, one way to help mitigate an attack is to prevent attackers from getting into the network. As stated above, the limitation of this attack is that the attackers must already be inside the network. However, once they are, they will be able to take control of your whole network.

Trend Micro Solution

For our Trend Micro customers, Deep Security or Apex One can be used to do virtual patching to help mitigate the attacks to help ensure that your network is safe. Below are the IPS rules that may help you strengthen your defense if patching cannot be done immediately:

IPS Rules

Deep Security and Cloud One – Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP)

  • Rule 1010519 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
  • Rule 1010521 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability Over SMB (CVE-2020-1472)

Please note that both rules are already set to Prevent.


Other Inspection / Detection Rules

Deep Discovery Inspector

  • Rule 4453: CVE-2020-1472_DCE_RPC_ZEROLOGON_EXPLOIT_REQUEST
  • Rule 4455: CVE-2020-1472_SMB2_ZEROLOGON_EXPLOIT_REQUEST

For those interested in learning more about the attacks, Trend Micro is also hosting a webinar this coming September 29, 2020 to talk more in detail about the vulnerability. You can register for the free webinar here.

If you have any questions with regards to either Zerologon or the Trend Micro solution to help prevent the attacks, please just contact us via email (rcruz@www.ctlink.com.ph) or through our landline 88939515 and we would be happy to answer your inquiries!


Liberty Mutual: An Insurance Case Study for Office 365

In the insurance industry, business is all about protecting valuable items of people.  This is why insurance industries need to make sure that they are using tools and technology that serve to bring their clientele sufficient protection.  This is to help make sure that their products and services stay innovative.  A good example of a company doing this in practice is Liberty Mutual.  With more than 50,000 employees and 900 global locations, Liberty Mutual is one of the few in the industry that experience business on a large scale.

This is why they have a few unique problems that they run into as a bigger insurance business.  They are forced to compete with many internet startups that have the advantage of mobility through the use of cloud-based technologies.  They also need to watch out for their other competitors, who try to disrupt their value chain and build stronger relationships with their client base.

To overcome these challenges, Liberty Mutual had to make a change, a digital transformation.  Microsoft Office 365 and Power BI were just the products to help them start this journey.  Office 365 improved the collaboration of their worldwide team.  They are able to share insights more conveniently, helping them with the product development process and shortening the time to breakthroughs for products they import and export globally.

Analytics is also a very important ability to have in the industry.  Office 365 has helped Liberty Mutual through faster response to market changes.  They are now moving to a more agile development process in which smaller, multi-disciplinary groups of employees are able to collaborate on new products with more efficiency.  Chat-based real-time collaboration has increased the proportion of people across their company who can work together and who normally could not collaborate with each other through regular means.  Analytic tools are the other way in which they increased their efficiency, and this is where Power BI comes in.  With just the right amount of user friendliness and high-level insights, even departments like Claims, Legal, Reinsurance and HR are able to quickly pick out information from just the dashboards and KPIs.

New tech-savvy recruits are accustomed to wanting mobility rather than on-premise workstations.  They need to be able to access on the go what is normally on-premise, which is not only a storage concern but also a security one.  Office 365 helped here, as employees are able to access their documents and emails on the go while still maintaining a high level of security.


To learn more about Office 365 and other Microsoft products, you may contact us at 8893-9515 and we would be happy to answer your inquiries!

Five Data Protection Requirements in Healthcare that Unitrends can Help you Solve

When it comes to business continuity, the healthcare industry faces many unique requirements and challenges.  With the need for availability 24 hours a day, 7 days a week, 365 days a year, and the need to safeguard the content of their electronic health records (EHRs), it can be a hard task to fulfill while still keeping within a reasonable budget.

This is where Unitrends can help.  Below are a few unique requirements that the healthcare industry faces and how the Unitrends solution helps to meet them.

  1. Uptime Requirements

When it comes to recovery time objectives (RTO), most industries have them in hours as they have more time to work with.  This doesn’t follow for the healthcare industry as they need their RTOs in a matter of seconds or minutes.

Unitrends Instant Recovery can failover applications in literally seconds. Unitrends Recovery Assurance delivers automated recovery testing, site and application failover, ransomware detection, and disaster recovery compliance, both locally and in the Unitrends Cloud.

  2. Highly Targeted by Ransomware

Due to the nature of healthcare, data of patients are critical for the business to function.  Ransomware criminals are aware of this and that is why the industry is a prime target.

Unitrends products can do security scans against your production applications – but using your backup data instead. They can spin up your applications in a specific order, isolate them from production, execute security tests, and automate reports and alerts immediately upon detection of ransomware.

  3. Highly Regulated

Companies that need to work with Protected Health Information (PHI) must ensure that all the required physical, network, and process security measures are in place, well documented and strictly followed.  This is required by HIPAA.

Unitrends offers a portfolio of 15 all-in-one enterprise physical appliances that are pre-loaded and pre-tuned with powerful software that not only covers on-premises backup but also long-term retention and disaster recovery in the HIPAA compliant Unitrends Cloud.

  4. Must Control Highly Proprietary Data

Healthcare IT must know where their physical data is located at all times of the lifecycle as well as control who can access it.

Unitrends Recovery Series and Unitrends Backup software can replicate data locally, to a remote site or to the HIPAA-compliant Unitrends Cloud. From any of those locations data can be stored for long term retention and / or used for disaster recovery purposes.

  5. Support Large Numbers of Non-computer Savvy Users

Usually, the general staff of healthcare are considered to be beginners or illiterate when it comes to new IT related technologies that have come out in the recent years.  This makes them very prone to mistakes which in turn can keep their IT counterparts quite busy.

With a common and intuitive user interface across all products, even untrained IT staff can easily find individual files in backups. A few clicks and the entire recovery process, from login to file restoration usually takes less than 5 minutes.


To learn more about Unitrends, you may contact us at 8893-9515 and we would be happy to help you!