Tag Archive for: Proactive

A Hacker’s Perspective For Building Proactive Organizational Defenses


Anshu is the founder/CEO of CloudDefense.AI—a CNAPP that secures both applications and cloud infrastructure.

Events in cyberspace continually underscore a concerning fact: attackers are getting smarter and launching sophisticated cyberattacks more often. Whether it’s crippling ransomware or stealthy data breaches, cybercriminals are showing their ingenuity and adaptability like never before. Hacking techniques are evolving faster than traditional security measures can keep up.

This is the harsh reality of cloud security, where hackers exploit the very nature of the cloud—its openness, its dynamism—to gain an edge. But what if you could think like a hacker? What if you could see your publicly exposed infrastructure through their eyes, anticipate their moves, and shore up your defenses before they even struck?

That’s the power of understanding hacker recon. As the CEO of a cloud security company, I’ve learned that when it comes to implementing cybersecurity strategies, it’s not enough to merely react to threats. To stay ahead of the curve, we need to think like attackers, not just defenders. With that in mind, here I discuss how to adopt the hacker’s perspective and use it to strengthen your cloud security posture.

Understanding What Hacker Recon Is

Think of hacker reconnaissance (recon) as detective work done before a cyberattack is launched. It’s when hackers gather information about their target, such as a company’s computer systems and networks. Through this, they’re trying to understand the layout of the digital front, looking for any security gaps, attack vectors or potential entry points that they can exploit later.

Simply put, the more information they uncover, the more smoothly their “operation” can go—just like any good detective needs solid clues to crack a case. So, next time you hear about a cyberattack, remember that it often starts with this information-gathering phase.

There are two main ways hackers do their recon:

• Passive recon involves gathering information without directly interacting with the target system. Hackers might use search engines, social media, public records and other…


Fortifying cyber defenses: A proactive approach to ransomware resilience


Ransomware has become a pervasive threat, compromising the security and functionality of vital systems across the United States.

While governmental pledges and public declarations of intent to fight cybercrime are foundational, they often lack the immediate and tangible impact necessary to counter sophisticated cyber threats. Case in point: the US recently pledged, along with 39 other countries, not to pay ransoms. In theory this makes sense: don’t pay, and the bad guys don’t make money and move on to other crimes. In practice, it won’t work.


Getting the right tools

Instead of investing time in formulating non-binding pledges, the US Government should work on actionable solutions and adopt a more proactive stance by directly procuring advanced cybersecurity tools.

These tools, which have been developed to keep data safe and stop ransomware attacks, exist and are continually evolving. By spearheading the implementation, through investment and education, the government can set a powerful example for the private sector to follow, thereby reinforcing the nation’s cyber infrastructure.

The effectiveness of such tools is not hypothetical: they have been tested and proven in various cybersecurity battlegrounds. They range from advanced threat detection systems that use artificial intelligence to identify potential threats before they strike, to automated response solutions that can protect data on infected systems and networks, preventing the lateral spread of ransomware.

Investing in these tools would not only enhance the government’s defensive capabilities but would also stimulate the cybersecurity industry, encouraging innovation and development of even more effective defenses.

This approach can also foster public-private partnerships, as government agencies can collaborate with cutting-edge technology firms to develop new standards, best practices, and adapt commercial tools for government use, ensuring the most robust protection possible. These collaborations can also facilitate expanded information sharing, enabling both to stay ahead of emerging threats and collectively strengthen the nation’s cyber defenses.

Moreover, the procurement of…


How to Take a Proactive Approach to DNS Health


Because DNS is such an omnipresent part of modern networking, it’s easy to assume that functional DNS infrastructure can be left running with minimal adjustments and only needs to be investigated in the event of a malfunction. Yet there are small telltale signs that precede DNS issues—and knowing what they are can help to prevent disruption before it happens.

Networking teams now have access to technology that can provide granular analysis of DNS as needed, enabling a proactive approach to DNS health that detects and fixes problems before they cause downtime. Here are five tips for maximizing DNS performance and what to do if you do find warning signs.

1. Establish What “Normal” Means for Your DNS Servers

There’s no specific amount of DNS traffic that indicates something needs to be addressed. Rather, you can find issues by determining your infrastructure’s specific baseline traffic and then finding anomalies.

Start with obtaining DNS statistics by season and by region, so you have enough context to know whether a trend is abnormal. Also, be sure not to overlook calls to API endpoints, image resources, and other potential destinations that are regularly active but that users are not directly calling. And take the time to establish the average resolver cardinality, or how many resolvers typically query your zones.

From there, you can assess potential threats. If there is a huge spike in DNS queries globally, the chances are high that it’s a DDoS attack. If the spike is more localized, it’s more likely to be an error originating from a specific server in that region. A sudden increase in cardinality is likely a sign of a botnet attack.

2. Find Risks with NXDOMAIN

If you observe an NXDOMAIN response, it means that the DNS record being queried simply doesn’t exist. Typos when entering URLs are inevitable, so a certain number of NXDOMAIN responses is unavoidable. In fact, according to recent research, about 10% of DNS queries result in an NXDOMAIN response. For an individual company, it’s no concern if that value is 6% or lower. A greater percentage of NXDOMAIN responses should be investigated, especially above 10%.

When trying…
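The baseline-versus-anomaly checks from tips 1 and 2 (regional query volume, resolver cardinality and NXDOMAIN share) as an added Python example that is not part of the original article. The query-log format, the sample lines, the baseline figures and the 3x spike factor are all constructed assumptions; the 6% and 10% NXDOMAIN thresholds are the article’s own.

```python
"""DNS health check against a baseline (added example; the log format is assumed)."""
from collections import Counter
from typing import NamedTuple
# Constructed sample query log. Assumed format: timestamp region resolver_ip qname rcode
SAMPLE_LOG = """\
2024-05-01T10:00:00Z eu 203.0.113.10 www.example.com. NOERROR
2024-05-01T10:00:01Z eu 203.0.113.10 api.example.com. NOERROR
2024-05-01T10:00:02Z eu 203.0.113.11 cdn.example.com. NOERROR
2024-05-01T10:00:03Z eu 203.0.113.11 wwww.example.com. NXDOMAIN
2024-05-01T10:00:04Z eu 203.0.113.10 img.example.com. NOERROR
2024-05-01T10:00:05Z eu 203.0.113.11 mail.example.com. NOERROR
2024-05-01T10:00:06Z us 198.51.100.5 www.example.com. NOERROR
2024-05-01T10:00:07Z us 198.51.100.5 api.example.com. NOERROR
2024-05-01T10:00:08Z us 198.51.100.6 exmaple.com. NXDOMAIN
2024-05-01T10:00:09Z us 198.51.100.6 cdn.example.com. NOERROR
"""
class Baseline(NamedTuple):
    queries_per_region: dict   # "normal" query volume per region for this window (assumed values)
    resolver_cardinality: int  # typical number of distinct resolvers querying your zones

def parse_log(text):
    """Return (region, resolver_ip, rcode) tuples, skipping blank or malformed lines."""
    return [(p[1], p[2], p[4]) for p in (line.split() for line in text.splitlines()) if len(p) == 5]

def nxdomain_ratio(rows):
    return sum(rc == "NXDOMAIN" for _, _, rc in rows) / len(rows) if rows else 0.0

def resolver_cardinality(rows):
    return len({resolver for _, resolver, _ in rows})

def assess(rows, baseline, spike_factor=3.0):
    """Apply the article's rules of thumb; spike_factor (x3 over baseline) is an assumed knob."""
    findings = []
    ratio = nxdomain_ratio(rows)
    if ratio > 0.10:      # article: investigate, especially above 10%
        findings.append("nxdomain_high")
    elif ratio > 0.06:    # article: 6% or lower is no concern
        findings.append("nxdomain_elevated")
    counts = Counter(region for region, _, _ in rows)
    spiking = sorted(r for r, c in counts.items()
                     if c >= spike_factor * baseline.queries_per_region.get(r, 1))
    if spiking and len(spiking) == len(counts):
        findings.append("global_spike")  # article: a global spike is most likely a DDoS
    elif spiking:
        findings.append("localized_spike:" + ",".join(spiking))  # article: likely a regional server error
    if resolver_cardinality(rows) >= spike_factor * baseline.resolver_cardinality:
        findings.append("cardinality_spike")  # article: a sudden cardinality rise suggests a botnet
    return findings
# Assumed baseline for the sample window; in practice derive it per season and region.
BASELINE = Baseline(queries_per_region={"eu": 2, "us": 4}, resolver_cardinality=3)
```

Run `assess(parse_log(SAMPLE_LOG), BASELINE)` to see the sample flagged for a high NXDOMAIN share and an EU-only volume spike.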


Battle of the breach: Prioritizing proactive ransomware defense


Editor’s note: The following is a guest article from Sebastian Goodwin, chief information security officer at Nutanix. 

Over the last decade, ransomware has become the de facto tactic of cybercriminals looking to make a quick buck.

And why not? Average ransomware payments are nearing the $1 million mark, and many criminal groups are now selling their tools and services on specialty ransomware-as-a-service marketplaces.

With nearly every business already permanently connected to the internet, global ransomware damage is expected to reach an annual impact of $265 billion within this decade.

In practical terms, this means that we will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve their tools and tactics. 

Doing business in such a world can seem overwhelming, but modern cybersecurity approaches are working to keep up with the growth of ransomware.

As a result, CISOs looking to apply advanced thinking to ransomware defense can integrate new processes and tactics as they formulate their cybersecurity strategies. 

What’s in a name? Ransomware types by description 

Today’s ransomware can come from many specialized groups and threat actors. To make things more complicated, some criminal groups even sell their tools through a ransomware-as-a-service business model, letting anyone with a bank account or cryptocurrency wallet automate ransomware attacks via the dark web.

Most common types of ransomware fall into six distinct categories: 

  • Crypto ransomware: After breaching individual workstations and systems, this type of ransomware finds and encrypts files, rendering them unusable. Victims are told to pay a ransom or lose access to their data permanently, often by having it deleted from their system entirely.
  • Locker ransomware: While crypto-style ransomware blocks access to individual files, locker-type ransomware affects whole machines, preventing a user from accessing any files or programs until a ransom is paid. In general, this type of ransomware affects computer systems, though some are specifically made to lock IoT and smart home…
