Featured content

Version 7.0 of the Varonis Data Security Platform is here – featuring new cloud support and advanced threat detection and response capabilities: new event sources and enrichment; out-of-the-box threat intelligence applied to Varonis security insights; and playbooks that arm customers with incident response plans right in the web UI so customers can easily follow best-practice responses to security incidents.

Hackers are getting savvier. They’re constantly finding new ways to abuse system vulnerabilities and sneak into our networks. The worst part? The likelihood of a cyber attack is now higher than a home invasion. Most people don’t notice when their data has been compromised until it’s too late. The silver lining is that the rise in attacks allows us to analyze the patterns hackers follow and strengthen our defenses.

A whaling attack is essentially a spear-phishing attack but the targets are bigger – hence whale phishing. Where spear-phishing attacks may target any individual, whaling attacks are more specific in what type of person they target: focusing on one specific high level executive or influencer vs a broader group of potential victims.

The Golden Ticket Attack, discovered by security researcher Benjamin Delpy, gives an attacker total and complete access to your entire domain. It’s a Golden Ticket (just like in Willy Wonka) to ALL of your computers, files, folders, and most importantly Domain Controllers (DC).

What is CDM? The Continuous Diagnostics and Mitigation (CDM) program is a United States government cybersecurity initiative led by the Department of Homeland Security (DHS). The Cybersecurity and Infrastructure Security Agency (CISA) leads CDM with the stated purpose of:

A security audit is the high-level description of the many ways organizations can test and assess their overall security posture, including cybersecurity. You might employ more than one type of security audit to achieve your desired results and meet your business objectives.

DCOM is a programming construct that allows a computer to run programs over the network on a different computer as if the program was running locally. DCOM is an acronym that stands for Distributed Component Object Model. DCOM is a proprietary Microsoft software component that allows COM objects to communicate with each other over the network. (Network OLE was the precursor to DCOM if anyone remembers seeing that in Windows 3.1.)

Data security is an all-encompassing term. It covers processes and technologies for protecting files, databases, applications, user accounts, servers, network logins, and the network itself. But if you drill down a little in your thinking, it’s easy to see that data security is ultimately protecting a file somewhere on your system—whether desktops or servers. While data security is a good umbrella term, we need to get into more details to understand file security.

In 2012 a massive cyber attack by a hacker named “Peace” exploited over 117 million LinkedIn users’ passwords. After the dust settled from the initial attack, new protocols were put in place and the breach was all but forgotten in the public eye, the same hacker reared their head again. Nearly five years later, “Peace” began releasing the stolen password information of the same LinkedIn users from the earlier hack.

Active Directory (AD) holds the keys to the kingdom, and attackers know all the tricks to take advantage of vulnerabilities in AD to stay hidden and move around the network to find and steal your sensitive data. To counter these potential vulnerabilities, companies should perform an Active Directory audit on a regular schedule, at least once a year.

Advanced Persistent Threats (APTs) are long-term operations designed to infiltrate and/or exfiltrate as much valuable data as possible without being discovered. It’s not yet possible to estimate exactly how much data actors were able to access with Slingshot, but Kaspersky’s data says that Slingshot affected approximately 100 individuals across Africa and the Middle East, with most of the targets in Yemen and Kenya. As we saw with the Stuxnet APT, Slingshot appears to have originated from a nation-state. As an APT, it doesn’t get much better than 6 years undetected.

After the devastating Equifax incident, the New York State legislature introduced the Stop Hacks and Improve Electronic Data Security or SHIELD Act in order to update the existing breach rules. Last month, SHIELD finally became law, and NYS now has some of the toughest security and breach notification language at the state-level. We blogged about the SHIELD Act when it was first introduced back in 2017, and most of what we wrote then has made its way into the law.