quannsecurity-blog · 7 years
PowerPoint Scams: Common Simple Tips to Defend Your IT Infrastructure
MS PowerPoint is one of the most well-loved business applications for presenting crucial matrix, profits, new projects, and launching latest products and services in front of your prestigious clients. However, are you aware that it has also become one of the most used programs that malware authors use to snoop through your systems and copy your crucial business files? The Sandworm malware that compromised the security of millions of PowerPoint files a few years ago shows how advanced scammers are getting. Below are some tips that can help you safeguard your device and applications from such threats:
Which Techniques Are Cyber Attackers Using?
Malware authors and cyber attackers have come up with newer types of infections that not only copy your data and send it to the malware authors, but also irreparably damage your PCs. PowerPoint scams largely rely on simple techniques in which hovering the mouse over an infected PowerPoint slide triggers the infection. In addition, most common MS Office malware works only when macros are enabled.
Security Tips to Defend Such Threats
If you do not wish for your SCADA security networks and ICS security servers to get compromised by this scam, adopt the following tips to enhance security from such threats:
Never open or click PowerPoint files that are named as Troj/DocDl-JDW or get downloaded as Troj/VBS-OP
Conduct spam-recognition training and workshops to train your employees to recognize spam downloads and emails
Use robust email filtering software to block spam and spyware, viruses, as well as worms
If an unsolicited email is from an unknown sender, delete it.
It is recommended to not use the preview mode in your email viewer as sometimes viewing an email may send your contact details and personal information to spammers
Nothing in the digital world is 100% safe, thus you will require a lot of security tips and techniques to ensure that your data never gets impacted because of computer viruses and scams. Malware authors and cyber attackers are becoming smarter, therefore users should always stay one step ahead by keeping themselves updated with the newest trends and spams.
quannsecurity-blog · 7 years
ICS Systems: Vulnerable to WannaCry Ransomware Attack
Industrial Control System (ICS) encompasses several types of control systems and associated instrumentation used in industries and manufacturing units, including supervisory control and data acquisition (SCADA) systems. It’s a generally known fact that most ICS systems have been created without cyber security issues in mind as they were designed before cyber threats existed. With increasing connectivity to external networks and the Internet, ICS and SCADA systems have become more exposed to cyber threats such as the latest “WannaCry Ransomware” attack.
WannaCry ransomware, also known as Wanna Decryptor, WannaCrypt, Wana Decryptor and WCry, exploded into the cyber security scene on May 12, 2017 and has infected more than 200,000 devices worldwide. WannaCry affected banks, hospitals, government agencies, transportation companies and ICS of manufacturing plants. The attack leveraged the EternalBlue (MS17-010) vulnerability and, after an initial infection, spread through networks via the Windows file sharing protocol, Server Message Block (SMB). ICS networks have become vulnerable to ransomware attacks because:
· ICS networks lack basic security controls such as authentication and encrypted communication. This means that if a hacker gets access to the network, the cyber criminal can cause catastrophic damage to the organization.
· ICS and SCADA systems lack visibility, thus preventing security staff from identifying malicious programs.
· The design flaws of ICS will continue to affect SCADA security posture, putting ICS systems at a high risk of compromise.
Microsoft patched the EternalBlue (MS17-010) vulnerability in March 2017 and provided fixes for outdated versions of Windows. However, many organizations and industries have not installed the patches, so the situation is more complicated as of now. So, if you have not been hit by a ransomware attack, follow these tips to prevent future threats and ensure greater ICS and SCADA security:
· Apply security patches to remove bugs in software and applications so that criminals get fewer options for infecting you with ransomware.
· Train staff and employees to avoid booby-trapped documents and malicious emails.
· Separate functional areas in your ICS network with a firewall, so that systems can be accessed only when really necessary.
You can follow these tips to secure your ICS network and increase SCADA security both in the short term and down the road.
quannsecurity-blog · 7 years
Your Organization Needs Multi-Level Defense against Social Engineering Attacks
Social engineering is the process of manipulating people into giving access or sharing confidential information. It is a formidable security threat to corporate networks. A social engineering attack could take the form of an email designed to look like it is from a credible person in an organization. When you open such an email and click on any attachment, it could install malware or ransomware on your system. You need a proper incident response mechanism, penetration tests and security awareness training to manage your organization’s risk, governance and compliance with regard to enhanced security requirements. Check out the five most common attack types that social engineering attackers use to target their victims:
1. Phishing mails: In such emails, attackers seek to obtain personal information from executives. Sometimes, they also embed malicious links that redirect users to suspicious websites.
2. Pretexting: Attackers focus on creating a good fabricated scenario by building a false sense of trust in order to steal the victim’s personal information.
3. Quid Pro Quo Attacks: The fraudster promises some kind of benefit, usually in the form of IT assistance, in exchange for confidential information.
4. Baiting: Baiting is similar to phishing attacks, but in this type of social engineering attack, the fraudster promises an item or good in exchange for information to entice victims. Sometimes, baiters offer users free music or movie downloads by asking them to use their login credentials to sign up for a certain site.
5. Tailgating: In this type of social engineering attack, a person who lacks the proper authentication to a premise takes advantage of security’s approval of an employee to gain access to a restricted area.
Social Engineering: Incident Response
Your organization must hire a managed security service provider or form a security operation centre to run penetration tests that evaluate the defense mechanisms and the detection and reaction capabilities of your enterprise. In penetration tests, security professionals use social engineering techniques to identify which types of users pose the most risk for specific types of social engineering attacks. These tests also identify which employees require additional security awareness training. If your organization knows what forms social engineering attacks are likely to take, you will be able to improve your incident response mechanism and comply with the risk, governance and compliance requirements of your enterprise.
quannsecurity-blog · 7 years
Common Vulnerabilities That Are Present in Critical Infrastructure
Over the past few years, synchronized cyber attacks against critical infrastructure of industries have taken center stage. The coordinated cyber intrusions at three Ukrainian electric power distribution companies in December 2015 is an example of synchronized attacks that are being targeted against supervisory control and data acquisition (SCADA) and industrial control systems (ICS). A recent survey has revealed that 53 percent of respondents from public and corporate sectors said cyber attacks have increased over the previous year, and 76 percent stated cyber threats have now grown in sophistication. Therefore, organizations must assess the common vulnerabilities and take a holistic approach to ICS security and SCADA security.
1. Authentication Holes: Authentication is designed to keep wrong people from accessing critical infrastructure and data. If your organization lacks proper monitoring and training, then your authentication solutions can be defeated due to unsafe practices such as poor passwords, data sharing, and weak authentication.
2. Lack of Monitoring: From software updates to traffic monitoring, you cannot detect suspicious activities without active monitoring. Maintaining firmware, regular software updates, and monitoring online traffic of devices connected to critical infrastructure, SCADA systems and ICS are necessary for maximum protection.
3. Other Threats: Critical infrastructure is often exposed to memory corruption, insecure defaults and ransomware problems.
How to mitigate the vulnerabilities?
· Make sure you have an effective team of security professionals who can assess threats your company faces in its business and mitigate them in a cost-effective manner.
· A coordinated monitoring program and response effort is critical to an effective overall security of ICS and SCADA systems.
· Use a firewall with ingress/egress filtering and an intrusion detection system (IDS) for inspection of the entire network and creation of security policies.
· Planning, preparation, and training are key elements of preparedness. You have to be prepared to manage whatever may come up. Implement appropriate mitigation plan and train employees on how to identify and report suspicious activities.
With numerous vulnerabilities that could affect critical infrastructure, increasing SCADA security and ICS security must be a top priority. Today’s ICS environment requires a layered approach. You have to fully understand the extent of the possibilities and vulnerabilities present in your system to prepare effective protective and defensive strategies to enhance ICS and SCADA security.
quannsecurity-blog · 8 years
Ambiguity in the Industrial Control Systems: A Worrying Sign
Industrial Control System (ICS) is the core system of several industries. It consists of technologies such as distributed control systems (DCS), programmable logic controllers (PLC) and supervisory control and data acquisition (SCADA). ICS allows industries, including oil and gas, nuclear, power transmission and distribution, and chemical, to monitor and control various industrial processes. However, the same ICS is vulnerable to cyberattacks, malware infections and various threats of which these industries are not even aware. From the December 2015 Ukrainian (BlackEnergy Trojan) Power Grid cyberattack to the “Panel Shock” attack, there has been a surge in cyber threats to ICS. Securing ICS is therefore vital for global industries.
• In a recent survey, it has been found that 91 percent of all the ICS components are not safe, as most of the industries use insecure design protocols such as HTTP, Telnet, EtherNet/IP, and FTP.
• Your SCADA network is vulnerable to attacks if you have not separated the enterprise network from the electrical operational network. For instance, researchers have found that the BlackEnergy Trojan attack on the Ukrainian Prykarpattya Oblenergo utility was caused through a phishing attack on the enterprise network, wherein attackers sent a document with an infected Microsoft Word macro. From the enterprise network, the malware then found its way into the utility’s SCADA (supervisory control and data acquisition) network, leading to the failure of the power grid.
• An attacker cannot get into every attached device in an enterprise network but industrial controllers provide access to everything as they lack authentication and encrypted protocols. The best cyber security practice for industrial control units is to identify the vulnerabilities of high-level risk, resolve these vulnerabilities and improve the ability to respond to incidents when they occur.
Targeted attacks on ICS systems are the number one threat to critical national infrastructure of any country. With so many vulnerabilities in industrial control systems, now it’s a wake-up call for the industries to take actions and enhance their security postures. The best way to ensure ICS security is to implement a security awareness program and invest in industrial control systems security solutions such as antivirus, firewall, virtualization security, SCADA security, and unified threat management among others. Eliminate ambiguities, eliminate vulnerabilities, and eliminate targeted attacks with proactive security solutions.
quannsecurity-blog · 8 years
How to Protect Your Industrial Control System from Ransomware Attacks
Industrial Control Systems (ICS) have been in use for decades in industrial plants and manufacturing units. However, these systems pose security issues that can be exploited by cybercriminals, and cyberattacks on ICS are growing in number each year.
A cyberattack on ICS poses a serious impact on any organization. Not just operational shutdowns, intellectual property theft, damaged equipment, financial loss, and substantial safety risks, a successful cyberattack could also irreversibly break customer trust, and bring down a business.
Recently, industrial control systems have fallen victim to an increasing number of ransomware attacks. In these attacks, targeted organizations are infected with malicious program that locks down their IT systems until a ransom amount is paid. Therefore, it becomes essential for industries to secure their Supervisory Control and Data Acquisition (SCADA) and ICS systems.
Here’s how they can improve their current state of SCADA and ICS security:
• Use only enterprise-grade management software products. Such secured managed systems allow your SCADA or ICS infrastructure to provision access to approved network resources without letting users know their credentials. When users who are connected to SCADA/ICS don’t know their credentials, they cannot be phished.
• Use a data diode and employ secured file transfer practices for enhanced SCADA security. A data diode allows you to connect lower security networks with highly secured networks, but data can only be transferred from the highly secured network to the lower one and not vice-versa. Before using portable media in the secured network zone, scan them for any malware. This would help you avoid the risk of using booby-trapped portable devices in your secured network.
Security-sensitive organizations, in particular, such as financial institutions, federal agencies, law enforcement and other industries should secure users’ access to the web browsers. Such browsers render web pages securely in the cloud, outside from the organization’s network and provide only encrypted web content, thus reducing possibilities for a cyberattack. Implement these measures to enhance your ICS security and SCADA security and protect your most critical infrastructure and sensitive assets from ransomware attacks.
quannsecurity-blog · 8 years
Importance of Audit Logging Program in Cyber Security
Cyber threats have evolved dramatically, making cyber security audit a critical component of IT security in an organization. Auditing is an effective method of ensuring system users and administrators are in compliance with security policies. Cyber security audit and cyber security training are necessary for preventing large-scale security incidents.
It is in the best interest of organizations to have appropriate auditing program in place to effectively collect and analyze all information regarding logging features of networks, systems and applications. Audit logs are record of activities, actions and critical events occurring in the network and systems. The IT teams in organizations must maintain, monitor, and analyze system audit logs as they are helpful during security investigations. An effective audit logging program is essential to assess:
Performance of servers and systems: Performance monitoring through log reports can help to examine the system memory, inputs and the bandwidth usage. For instance, when an application server is infected with malicious program, the response time of the application becomes very slow. If bandwidth usage level suddenly increases at certain time of the day, it may indicate cyber threat.
Functional and Operational Problems of Applications: The logs provide vital inputs regarding web and system applications during incident response and incident prevention processes. Logs can be analyzed to identify suspicious login and logout times and abnormal errors occurring during administration operations. For instance, if an application system doesn’t permit external access, but an external IP address gained access to it, then the event must be recorded in audit logs for appropriate action.
Tracking and monitoring of network boundary devices: Devices connected to your network must be tracked and monitored to know the incoming as well as outgoing traffic. Logs collected from these devices can reveal a lot of information regarding a cyber attack to help determine source and extent of threats.
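Two of the checks described above, an external address reaching an internal-only application and a sudden jump in bandwidth at one time of day, can be run directly over audit logs. The following is an added example, not part of the original post: the log format, the internal network range, the application names and the spike factor are all assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from statistics import median

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: internal range
INTERNAL_ONLY_APPS = {"hr-portal"}                      # assumption: no external access allowed
SPIKE_FACTOR = 5                                        # assumption: 5x the median hour is a spike

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"src=(?P<src>\S+) app=(?P<app>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
2024-03-04T09:01:10Z src=10.0.4.17 app=hr-portal bytes=21000
2024-03-04T09:40:02Z src=10.0.4.22 app=hr-portal bytes=19000
2024-03-04T10:05:31Z src=10.0.4.17 app=hr-portal bytes=18000
2024-03-04T10:30:00Z src=10.0.9.3 app=hr-portal bytes=22000
2024-03-04T11:12:45Z src=203.0.113.50 app=hr-portal bytes=15000
2024-03-04T11:20:09Z src=10.0.4.22 app=hr-portal bytes=25000
2024-03-04T11:30:00Z src=198.51.100.7 app=public-site bytes=5000
2024-03-04T12:02:00Z src=10.0.4.17 app=hr-portal bytes=41000
2024-03-04T13:15:00Z src=10.0.9.3 app=hr-portal bytes=950000
corrupted line without fields
"""


def parse(lines):
    """Split raw lines into parsed events and rejected (unparseable) lines."""
    events, rejected = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        try:
            src = ipaddress.ip_address(m.group("src")) if m else None
        except ValueError:
            src = None
        if src is None:
            rejected.append(line)   # keep for review: gaps in logs matter too
            continue
        events.append({"ts": m.group("ts"), "src": src,
                       "app": m.group("app"), "bytes": int(m.group("bytes"))})
    return events, rejected


def external_access(events):
    """Events where a non-internal address reached an internal-only application."""
    return [e for e in events
            if e["app"] in INTERNAL_ONLY_APPS
            and not any(e["src"] in net for net in INTERNAL_NETS)]


def bandwidth_spikes(events, factor=SPIKE_FACTOR):
    """Hours whose total bytes exceed factor times the median hourly total."""
    per_hour = defaultdict(int)
    for e in events:
        per_hour[e["ts"][:13]] += e["bytes"]   # bucket key: YYYY-MM-DDTHH
    if not per_hour:
        return []
    baseline = median(per_hour.values())
    return sorted((h, total) for h, total in per_hour.items()
                  if total > factor * baseline)


if __name__ == "__main__":
    events, rejected = parse(SAMPLE_LOG.strip().splitlines())
    print("external access:", [(e["ts"], str(e["src"])) for e in external_access(events)])
    print("bandwidth spikes:", bandwidth_spikes(events))
    print("rejected lines:", len(rejected))
```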
Without appropriate log reports and auditing of these logs, an attacker's activities can go unnoticed. This might result in a security breach that could have been prevented by the IT team of an organization. While cyber security audit of information systems and networks is essential for identifying suspicious activities, audit logs should also be stored for security auditing and investigation purposes. IT administrators and security officers must be given cyber security training on how to properly store, manage and audit log reports so as to increase the effectiveness of security measures.
quannsecurity-blog · 8 years
Are you doing enough to secure your organization’s sensitive information?
Cyber security incidents have grown in sophistication and volume with the growth in social, mobility, analytics, cloud and Internet of Things (SMACT) technologies. Security breaches cost companies millions of dollars every year. A recent survey has revealed that the average cost of a data breach has reached $4 million – that’s a 29 percent increase since 2013. So, what are you doing to secure your organization's most sensitive information and vital data? Cyber security audit and cyber security training are essential steps to secure sensitive information and critical data. Here are five ways how security audit and training can help ensure protection of your data.
## Help in proper data classification and complete visibility
Don’t assume that your organization’s data is under rigid control without a proper auditing report, as that can put sensitive information at serious risk. Continuous auditing solutions give you real-time information as well as help you categorize data so as to differentiate between sensitive and non-sensitive data. Prepare a codified data policy and categorize the company’s information into restricted, private, and public for better visibility, handling and security of data.
## Help you identify the most secured security software
The purpose of a cyber security audit is to determine how effective your security controls are in mitigating cyber risks. Auditors give you vital insight into your security position and the loopholes present in your security procedures. From accounting software to CRM software, auditors can help you identify the most secured software that has been developed using stringent security standards for securing high-value assets and important data.
## Help you implement company-wide security practices
With the rise of bring your own device (BYOD), employees from C-suite members to executive-level employees should follow a company BYOD policy. Cyber security training helps employees identify data issues and potential security threats. Security awareness and education would help everyone in the organization to be proactive and adhere to the security practices.
Security is an ongoing process, and not a product. You cannot just buy it and rest assured that your IT network and data are secured. In today’s digital world, keeping sensitive data secured is not easy. But with continuous cyber security audit and security education, you can prevent cyber attacks.
quannsecurity-blog · 8 years
Be Prepared: Secure Web and Mobile Applications from Cyber Threats
Today, applications are increasingly playing a vital role in business operations and customer services. However, applications have inherent security risks to business data and networks that cannot be underestimated. According to a recent study, high-risk mobile applications are responsible for 70% of malware threats to the networks. That's alarming, especially if these mobile applications serve as the entry point for malware attacks on corporate networks to obtain sensitive data. Another report has revealed that an estimated 16 million mobile devices worldwide have been attacked by malware. "Vulnerable web applications" have been ranked the highest of all the listed potential cyber security threats. From small to large enterprises, organizations need to recognize the risk unsecured applications pose to their business operations, and consider taking managed security services, and more importantly, perform penetration testing to ensure the applications used by their customers, employees and business are as secure as possible.
1. Holistic Approach to Application Development
Malware targeting applications are increasing in sophistication with more robust control protocols. Safeguarding applications from malware threats should be performed at the development stage. All security issues need to be identified at the initial stage of application development, especially for in-house apps, to secure app models and eliminate downstream concerns. An application has three layers: front-end presentation layer, application code layer and database back-end layers. The app security model must secure each of the layers to preempt future attacks.
2. Monitor and Manage
The right managed security services provider can help you properly monitor and manage the secured app environment. They have necessary tools at their disposal to perform penetration testing on applications, vulnerability assessment and binary static testing, which will help you know whether or not your applications can withstand many of the modern attacks. Cyber security audits of applications can help provide you the peace of mind regarding application security.
3. Follow App Security Best Practices
Combination of poor coding practices by app developers and the lack of app security expose applications to several vulnerabilities. Applications should be developed by carefully following coding best practices. Behavioral and binary static analysis of applications must be performed to identify malicious codes in the applications.
Following best practices such as penetration testing, app security monitoring and relying on managed security services provider are the best way to keep your applications safe in this ever-changing cyber threat landscape.
quannsecurity-blog · 8 years
Penetration Testing is the simulation of an attacker's activities with the goal of testing/validating the security of IT systems. For more about penetration testing visit our website.
quannsecurity-blog · 8 years
Why Should You Consider Managed Security Service!
Cyber securing your business is important regardless of the size of the industry, as everyone is vulnerable to some sort of cyber attack. The question is how to implement a countermeasure program. Like a quick whitewash on a wall, many companies jump the gun without even knowing what they are doing. There are certainly good reasons to implement an in-house program when you have the resources to pull it off. However, there are other companies who cannot afford to do so or do not fit the profile where keeping an in-house security will prove to be ineffective. This is where managed security services providers enter the scene, as they will be able to provide an ideal solution to protect your assets and your critical IT infrastructure. Here are the factors to ponder when you consider hiring a managed security services provider:
Why not take advantage of a trained and experienced team instead of building a team from the scratch and paying for their cyber security training? Building an in-house information security team will take up large amount of time and effort and you may still end up short on the skills you need.
With a managed security services provider, you can receive round-the-clock security monitoring for less cost as compared to one shift done in-house.
You will also gain expertise from personnel with large security knowledge base, as they have insight into a wide cross section of clients and industries. It allows them to answer to security threats across its entire customer base.
You will be able to attract and retain customers if you are amongst the companies that can be trusted. No customer would like to do business with an unsecured company that is vulnerable to cyber attacks. With the assurance that an expert is making sure that your systems are protected, you can focus on your core business and build trust with your customers.
With security experts taking care of your security, you will have one less thing to worry about.
With trained professionals and established processes working together, it can lead to actionable security and compliance information in a relatively short period of time compared to in-house security.
Unlike with in-house security where the cost remains fixed, with managed security services, the cost varies with the life subscription. This will provide you with more flexibility when budgeting IT expenditures.
quannsecurity-blog · 8 years
Quann Security has experience in providing various IT solutions and services and has branched out its services to Cyber Security Training in Singapore.
quannsecurity-blog · 8 years
Handling Cyber Risks
Cyber security is a broad level of responsibility as cyber risks are at the top of the international agenda. High-profile breaches have increased fears about hack attacks and other security failures that could end up hampering the global economy. The foremost and important way to tackle this is by implementing cyber security audits. An audit can expose the security vulnerability of organizations which can then be improved upon. The world now is increasingly becoming interconnected and it is highly recommended for business outfits to heed attention towards cyber security especially when almost each week there are headlines about hacks.
One way to go about this is outsourcing it to audit suppliers, it can also be handled internally but it's almost impossible to effectively audit yourself. Here are few of the factors your cyber security audit should cover:
• Independent external scan and penetration testing
• Additional external scan and vulnerability scan after remediation
• Create an inventory of devices that your organization is using and update all systems to best practices.
• Conduct internal security software assessment - meaning assessments of software such as anti-virus, anti-malware and other protection software being used
• Assess the incident response capability
• It is critical to involve people who have the necessary credentials, and with appropriate depth in technical skills and knowledge of the current risk environment.
• It is vital to assess the entire framework of cyber security rather than just cherry pick items to conduct your audit
These days due to inter connectivity the chances of your organization having network security issues are very high and one other way to tackle it is to conduct cyber security training. Training your IT personnel to tackle breaches will lower the rate of breaches. The cost of addressing it will also reduce if the breach is identified sooner. It can also prevent the negative press that can result from security breaches.
Enrolling your organization’s IT staff to cyber security training will improve overall compliance with your organization's information security policies, procedures, standards, and checklists.
quannsecurity-blog · 8 years
Threats and Related Techniques! Know More About it!
The Internet is reasonable to deal overall. Along with thousands of pros that it promises to offer, there are a few issues that tag along. It grows vulnerability of your personal data, hence the reporting techniques need to be growth oriented too. Stating what I mean, Rendering the protection against the herds of Virtual Risks is immense. It can be done! But what is needed, is the continuous upgrades of such pandemic list of cyber threats.
Brief about the upgrading techniques
Cyber Security Auditing is a manual or machine generated technical assessment of the inspected Malware/Trojans or etc. Automatic assessment is more of a system based review protocol. Audit reports are automatically generated as per the desired contrasting format or system, these systems generated outputs even carry the change in the system’s internal log and file notations. So as it turns out, the generated log of one System may lead to safeguarding several others along with it. Hence Cyber Security Auditing is a value for all the level of stiff work-phase.
What are the ‘Systems’? Is it just my computer?
Well, System can be your PC, Servers if you use Wi-fi. It may be network router/switch; whichever way you connect to the network. The word System here is the collection of the part that is capable of generating a log of the internal confrontational manual that is seen under a threat attack, leading to non-streamlined working under the act of prevention.
Cyber Security Training is a technique where users are given knowledge regarding better password policy, knowledge of Potential job loss and possible civil and criminal law penalties for awareness in Internet Security, and threats drills. So assets can be saved by proper cyber security training and cyber security auditing. Being alert is the key, always.