What is a Web Application Firewall (WAF)?

A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet, blocking malicious HTTP traffic, malicious web service requests, and automated botnet attacks. A WAF can be considered a reverse proxy: it shields the servers from direct exposure by having clients pass through the WAF before reaching the server. WAFs are especially useful to companies that provide products or services over the Internet, such as e-commerce shopping, online banking, and other interactions with customers or business partners.

GET requests are used to retrieve data from the server, and POST requests are used to send data to a server to change its state.

A Web Application Firewall is generally configured according to one of three basic security approaches:

Whitelisting approach: it allows only pre-approved traffic that meets specifically configured criteria. This approach is best suited for use on internal networks that are used only by a limited group of users (for instance, employees).

Blacklisting approach: it blocks traffic that matches known-bad patterns and lets everything else through. This security approach is best suited for web applications on the public internet, as legitimate requests can come from unfamiliar client machines.

WAFs have standard rules embedded in them, but your server administrator can adjust these and add custom rules as well.

Common Web Application Security Risks:
Injection attacks
Broken Authentication
Sensitive data exposure
XML External Entities (XXE)
Broken Access control
Security misconfigurations
Cross Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring

What Attacks do WAFs protect against?
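To make the whitelisting and blacklisting approaches concrete, here is an added example (not code from the original page or from any WAF product) of a minimal request filter in Python. The paths, parameter patterns and signatures are constructed for illustration; the hybrid mode, which applies both rule sets, is assumed to be the third of the three approaches the text mentions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Whitelisting: only pre-approved method/path pairs, each parameter
# constrained to a strict pattern; anything not listed is denied.
ALLOW_RULES = {
    ("GET", "/api/orders"): {"id": re.compile(r"\d{1,10}")},
    ("POST", "/api/orders"): {"sku": re.compile(r"[A-Z0-9-]{3,20}"),
                              "qty": re.compile(r"\d{1,3}")},
}
# Blacklisting: deny requests matching a known-bad signature, allow the rest.
DENY_SIGNATURES = [
    ("sqli", re.compile(r"(?i)\bunion\b.*\bselect\b")),
    ("xss", re.compile(r"(?i)<\s*script\b")),
    ("traversal", re.compile(r"\.\./")),
]

def params_of(method, url, body=""):
    """Return (decoded path, params); query and POST body are merged."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if method == "POST":  # POST carries state-changing data in the body
        pairs += parse_qsl(body, keep_blank_values=True)
    # Decode before matching: an encoded "..%2F" would otherwise slip past.
    return unquote(parts.path), dict(pairs)

def allowlist_check(method, url, body=""):
    path, params = params_of(method, url, body)
    rule = ALLOW_RULES.get((method, path))
    if rule is None:
        return "deny: no rule for %s %s" % (method, path)
    for name, value in params.items():
        pattern = rule.get(name)
        if pattern is None or not pattern.fullmatch(value):
            return "deny: parameter %r rejected" % name
    return "allow"

def blocklist_check(method, url, body=""):
    path, params = params_of(method, url, body)
    for text in [path, *params, *params.values()]:
        for label, sig in DENY_SIGNATURES:
            if sig.search(text):
                return "deny: %s signature" % label
    return "allow"

def hybrid_check(method, url, body=""):
    """Third approach: blacklist signatures first, then whitelist rules."""
    verdict = blocklist_check(method, url, body)
    return verdict if verdict != "allow" else allowlist_check(method, url, body)
```

Note how an unexpected quote in a numeric parameter is rejected by the whitelist but passes the blacklist, which is exactly why the whitelist approach fits a closed user group and the blacklist one a public site with unknown clients.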
Microsoft Office 365 is the most widely used email platform for small businesses, large enterprises, and government alike.
Microsoft quickly spins up a virtual instance and opens the content in a controlled, monitored environment to check it for suspicious or malicious code.
Additionally, when a file with malicious content is uploaded to SharePoint or OneDrive, ATP automatically scans the folder and marks the file(s) as unsafe, with a little red shield next to it.
If the user ignores the marker or accidentally opens such a file, the warning message below pops up and prevents the user from proceeding.
ATP for SharePoint, OneDrive and Microsoft Teams:
Helps to identify and block malicious files from entering your document libraries or team sites.
Even though it’ll still show in your site, the blocked file can’t be opened, moved, copied, or shared (however, you can delete it).
Hackers have stolen $800,000 from Cape Cod Community College via a phishing attack and malware.

In recent months, there have been multiple attacks on community colleges, medium-sized universities, educational organizations, and K-12 school districts, in addition to crimes against local governments. The attackers have stolen $1.4 million from multiple accounts belonging to the Connecticut Higher Education Trust (CHET). Prince George’s County public schools in Maryland had their staff’s personal data stolen.

US DoE: K12 schools are susceptible to ransomware cyber-attacks

The US Department of Education (DoE) has issued an alert specifying that almost all K12 schools are extremely vulnerable to hackers.
The trend of attacking Managed IT Service Providers is continuing.

An MSP paid hackers about $150,000 to unlock data. Hackers are specifically targeting MSP software platforms to launch ransomware attacks. Ryuk ransomware hit a Cloud Service Provider that works closely with MSPs. Hackers have been hitting MSPs of all sizes — not just global technology service providers. The FBI and the Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Three school districts were hit by ransomware in North Louisiana last week.

Louisiana Governor John Bel Edwards has activated a statewide state of emergency in response to a wave of ransomware infections that have hit multiple school districts. There’s gold in your servers, cash in your cloud. All that data is stored in outdated network infrastructure, and that is more than an invitation.

The ransomware infections last week impacted the school districts of three North Louisiana parishes — Sabine, Morehouse, and Ouachita. IT networks are down at all three school districts, and files have been encrypted and are inaccessible, per local media outlets. The first such state of emergency over a cyberattack was declared in Colorado in February 2018, when the Colorado Department of Transportation was forced to shut down operations because of an infection with the SamSam ransomware.
The U.S. Conference of Mayors has unanimously resolved not to give in to any ransom demands from hackers.

Considering that ransomware attacks targeting cities and municipalities have grown in both frequency and intensity, the resolution, while not legally binding, establishes an official position that U.S. mayors aren’t going to take it anymore. On July 9, county officials confirmed that the school district system was crippled by the Ryuk ransomware, linked to the Grim Spider hackers thought to be based in Eastern Europe.

“Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit,” the resolution reads. “The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm, therefore be it resolved that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”

Some 1,400 mayors of cities whose populations exceed 30,000 make up the Conference, which recently held its 87th annual meeting in Honolulu, Hawaii.
The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post. The announcement came at an annual conference of current and former intelligence, defense and homeland security officials.

Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft’s move signals that voting systems, long a technology backwater, are finally receiving attention from the country’s leading technical minds. Perez said that about 30 percent of America’s registered voters currently live in counties with voting systems that have no auditable paper trail, a situation that he and other election experts say poses an unacceptable risk. An election security bill that could help counties install more secure systems by providing $600 million to the states has passed the House but has been held up in the Senate by Republican leader Mitch McConnell.

About 84 percent of the attacks targeted enterprise customers — generally at organizations — and about 16 percent targeted consumer personal email accounts, the company said.
Cybercriminals used ransomware to disable the technology systems at New York’s Monroe College, according to Inside Higher Ed.

They locked Monroe students, faculty and staff members out of the college’s Learning Management System, Blackboard and email system, and are now demanding about $2 million in Bitcoin. Monroe officials are working with the FBI and local law enforcement officials to investigate the ransomware attack and resolve the incident. Monroe officials have advised students to continue to attend classes, submit homework on paper, and contact the college via their personal email accounts.

These attacks are perpetrated by a small group of sophisticated criminals and target organizations by size and ability to pay. They are evaluating the pain threshold.
Hackers have leveraged Managed IT Services Provider (MSP) software to spread ransomware to their customers’ systems.

About 200 hosts were encrypted, a very small fraction of the MSPs using this widely used software. “We did this by conducting a console logout and software update the morning of June 20.” In a comment, Kaseya said, “We are aware of limited instances where customers were targeted by threat actors who leveraged compromised credentials to gain unauthorized access to privileged resources.” The industry continues to see MSPs and IT administrators targeted in order to gain credentials for unauthorized access.

FBI, Department of Homeland Security: MSP Ransomware Warnings

This is the latest in a growing list of attacks targeting managed IT service provider (MSP) software platforms and the end-customer computers linked to such systems.
Cyberthreats and security incidents continue to claim the top headlines, keeping cybersecurity the top topic in our minds.

The McAfee® Labs Threats Report: September 2017 takes a look back at WannaCry, its impact, and how it exploited not only technical vulnerabilities but business processes. Additionally, the report looks at how threat hunting is performed in organizations today, including the use of human and artificial intelligence, and at pragmatic ways to use indicators of compromise for better protection. It also includes commentary on the rise of script-based malware: usage, mechanics, and factors of growth.

I don’t Wannacry no more: Perpetrator motives and business impact
You can never really tell if your business is going to be hacked.

Hacking a large enterprise needs specialized skills. When employees move around, data moves with them. Your IT person should help you make sure you have strong data management and connection tools in place and that they are monitored. Getting an IT person to evaluate your risks, install software, monitor activity, and keep things up to date is a critical and essential business cost. If you are handling health, financial, or other personal information about your customers, and it gets stolen, you could have a big problem on your hands.
Mecklenburg County in North Carolina experienced additional cyberattacks after it refused to pay $23,000 in ransom.

The County Manager sent an email to warn county employees about the cyberattacks and provided these workers with recommendations. Mecklenburg County would not pay the ransom, and instead would use backup data to restore the government systems that were affected by the cyberattack. Office of the Tax Collector.

How Can MSSPs Help Organizations Combat Ransomware Attacks?

Encrypt all customer data, regardless of whether it is stored on-premises or in the cloud.
MSSPs know that the protection provided by even their most powerful and comprehensive security solutions can be quickly undermined by the careless or negligent behavior of their clients. In fact, the number of people who have been let go purely on grounds of adherence to security guidelines has been growing rapidly.

As regulatory requirements relating to data security become increasingly rigorous and complex, MSSPs are expected to leverage their expertise and guidance by developing practices that help ensure their clients’ compliance. While organizations may resent the bureaucratic red tape and time-consuming tasks that are often needed to satisfy governmental and industry regulations, MSSPs can allay that resentment by showing their clients how conforming to security-related regulatory requirements can result in significantly improved protection for their organizations.

The U.S. cybersecurity regulations for seven different industry sectors:

Financial: The financial sector has several cybersecurity requirements set by federal and state regulators.
The DHS has issued a memo essentially stating that some IT consulting firms and Managed IT service providers (MSPs) involved in Office 365 migrations are not properly securing the cloud productivity suite for customers.

On the one hand, such statements can give the overall IT consulting and IT services market a black eye. But on the other hand, partners that communicate the warning (and proper Office 365 security settings) to end customers can likely differentiate themselves from others.

“Since October 2018, the Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have used third-party partners to migrate their email services to O365. The organizations that used a third party have had a mix of configurations that lowered their overall security posture (e.g., mailbox auditing disabled, unified audit log disabled, multi-factor authentication disabled on admin accounts). In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud.