It’s been a busy year for security professionals around the world and it shows no sign of slowing down as we close out the year. As we do every year around this time, we here at Hornetsecurity have not only released our annual Cyber Security Report, but we also ran a panel event with some amazing experts where we discussed the findings of said report and also discussed the threats we’re likely to see in the coming year.

As part of this event, we fielded several questions from attendees, and as is often the case with live sessions, we didn’t have the time to address every single question. That said, this article does just that. Below are 14 questions from the event along with answers from our experts.

However, before we get to the questions, you can watch our panel discussion here.

 

Now, without further delay, let’s get to our questions list!

The Questions

1 – Are anti-spyware and similar solutions not enough to suppress attacks on their own?

Anti-malware/anti-spyware solutions are only able to do so much. Don’t get me wrong, they are important components in your overall security posture, but they aren’t the be-all and end-all. These types of solutions can only respond to known threats. On top of this, newer attack strategies such as “living off the land”, where legitimate in-OS tools are used as much as possible in order to help evade detection, can easily get around anti-malware solutions as well.

 

2 – Wouldn’t it be possible for Microsoft to create a “sandbox” inside of Outlook in which attached documents are opened into? Thus, if said document is malicious, it won’t impact the system?

I suppose they could do this if they wanted to. The fact that they haven’t yet is likely either due to difficult technical limitations, or it would make the end-user experience rather bad. Even so, new security tools are often circumvented eventually. Using a trusted 3rd party security provider, such as Hornetsecurity, to vet suspect attachments can help, and continued end-user security awareness training will help in all cases as well.

 

3 – Have you ever seen legit emails that have come from paypal.com but are from a malicious attacker who is trying to trick the end-user into paying an invoice?

Yes, we have seen these types of emails. Typically, this is a case of clever domain disguising. For example, the email in question likely came from the domain appearing in the mail client as paypaI.com, where the L in the domain is actually a capital “i”. Additionally, we have seen attacks where a compromised (or throwaway) PayPal account is used for this style of scam.
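The capital-"i" swap described in this answer can be caught by comparing the sender domain, exactly as the mail client displays it, against a watch list after collapsing look-alike characters. The following is an added example, not Hornetsecurity code; the confusables map is a small constructed sample and the watch list is hypothetical.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample of a confusables table (assumption: production checks
# would load the full Unicode confusables data instead of this short map).
CONFUSABLES = {
    "I": "l",        # capital i, the swap described above
    "1": "l",
    "0": "o",
    "\u0430": "a",   # Cyrillic a
    "\u0435": "e",   # Cyrillic ie
    "\u043e": "o",   # Cyrillic o
    "\u0440": "p",   # Cyrillic er
}
PROTECTED = ("paypal.com",)  # hypothetical watch list of brand domains


def skeleton(domain):
    """Collapse look-alike characters BEFORE lowercasing, so 'I' is not lost."""
    text = unicodedata.normalize("NFKC", domain)
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).lower()


def _is_or_under(candidate, real):
    """True for the domain itself or any subdomain of it."""
    return candidate == real or candidate.endswith("." + real)


def classify_sender(from_header):
    """Label the From-header domain as displayed, case preserved."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2]
    for real in PROTECTED:
        if _is_or_under(domain.lower(), real):
            return "exact-match"
    for real in PROTECTED:
        if _is_or_under(skeleton(domain), skeleton(real)):
            return "lookalike-of:" + real
    return "unrelated"
```

An exact-match result only says the domain is genuine; as the answer notes, the same scam is also sent from compromised or throwaway PayPal accounts, so the message itself still needs scrutiny.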

 

4 – Where did the statistics discussed in the cyber security panel event (above) come from?

All statistics discussed during the panel webinar came from internal Hornetsecurity sources and were cited in the annual Hornetsecurity Cyber Security Report.

 

5 – If I’m Using Exchange Online for Email in M365 do I still need to purchase a third-party SSL certificate for Exchange?

If you’re 100% M365 for mail, no cert is needed. However, if you’re running a hybrid setup in which you retain some form of on-prem email server, then a cert will still be needed.

 

6 – If a threat actor gains access to my network and is not detected, will it be easier for them to gain access on subsequent attempts, or will they have to circumvent security again?

One common step that many threat actors will take after breaching a target is to establish “persistence”. This is the act of installing software for remote access or creating some other kind of back door into the target network. This way, access on subsequent attempts is much easier, assuming said back doors have not been detected.

 

7 – Do your experts see any industry being targeted more in the coming year than any other?

This is one of the things we looked at as part of our research for this year’s version of the Cyber Security Report, and we found that no specific industry was more of a target than others. Put simply, any organization that is able to pay a ransom, or has value to threat actors in some way, is a target.

 

8 – What is the most feasible way for opening an email (+ attachment) that you’re unsure about but need to make sure it’s not a legit email?

A trusted email security provider, like Hornetsecurity, will have scanning and sandboxing capabilities that will help with this concern. Additionally, if you wanted to do this yourself (NOT RECOMMENDED, unless you know what you’re doing) – manually moving a copy of the email and the suspect attachment into a FULLY isolated environment for inspection is a possible solution. That said, this is something that should be typically left to security researchers and should NOT be done in production environments. Proceed with caution. Note that, again, we recommend using a proven security solution for this issue and take no responsibility for the outcome of manual threat inspection.

 

9 – What is the psychological and personal analysis of a typical white hatter?

This is a great question! Be sure to check out the recording of the panel event (linked above). One of the panelists (Mark) covered this question quite well near the end of the event.

 

10 – What would be the best countermeasure in the middle of an active ransomware attack?

Information. You need to know the scope of the attack and the impact. Only then can you take the needed actions to limit the damage, respond, and start recovering using the tools in your toolbox. If there is any question at all, I would highly recommend engaging with an outside firm that specializes in incident response for further assistance.

 

11 – When you receive a MFA prompt that you know you DID NOT initiate, chances are your account is compromised right? How are attackers getting end user passwords? It can’t just be luck.

Typically, it’s not luck. Usually, threat actors will obtain compromised credentials on the dark web or siphon them from the organization using techniques like phishing. If it’s a persistent issue after a password change, the affected user’s devices should be inspected carefully for malicious software.

 

12 – Why does copying and pasting a link into your browser have a lower risk than just clicking on the link?

URLs are easily embedded into images and custom strings of text. By copying and pasting manually, you actually have a chance to SEE the URL before opening it and can evaluate whether it looks suspicious or not. It’s still not foolproof, but it’s often enough to raise a red flag for the user.
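The same "see the real URL first" check can be automated for an HTML message body: list each link's actual target next to what the reader is shown. This is an added example, not code from the article; the sample HTML and its hostnames are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds a hostname inside the visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample body: the kinds of links the answer describes.
SAMPLE = """
<p>Your invoice is ready:
<a href="https://billing.example.net/pay">https://www.example.com/invoice</a></p>
<a href="https://tracker.example.net/c?id=1"><img src="cid:button.png" alt="Pay"></a>
<a href="https://www.example.com/help">www.example.com</a>
<a href="https://files.example.net/doc">View document</a>
"""


class LinkAudit(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._cur = None  # anchor currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append((self._cur[0], self._cur[1].strip()))
            self._cur = None


def audit_links(html):
    """Return (label, host shown to the reader, real target host) per link."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    results = []
    for href, text in parser.links:
        target = (urlsplit(href).hostname or "").lower()
        match = HOST_RE.search(text)
        shown = match.group(1).lower() if match else ""
        label = "hidden" if not shown else "match" if shown == target else "mismatch"
        results.append((label, shown, target))
    return results
```

"hidden" covers image buttons and custom link text, where the reader sees no URL at all; "mismatch" is the case where the visible text names one host and the link goes to another.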

 

13 – What are the 3 best software solutions to analyze vulnerabilities in infrastructure?

This is a very open-ended question, and limiting yourself to three tools in the security space is immensely difficult. That said, speaking in generalities, you’ll want to use some sort of network scanner (like Nmap) to help make a list of what assets are on your network. At that point, a reputable vulnerability scanner should be used against the asset list, and then a SIEM solution can be used for ongoing monitoring afterwards. Again, this is not to mention all the other security tools that should be in your stack, such as AV, communications security, incident response tools, firewalls, etc.

 

14 – With mobile devices becoming more of a target for threat actors, and end-users increasingly a weak point in security, how do we safely authenticate users, especially with the weaponization of AI?

It’s no secret that mobile devices are increasingly becoming a target. This has been the trend for many years and will continue due to the data contained on mobile devices, not to mention that for many users their mobile device serves as their second factor in the authentication process. That said, MFA via mobile devices is still better than no MFA at all. In my opinion the security community will continue to evolve and incorporate better technologies into the authentication process taking the threat of AI-powered attacks into account. If the concern for some organizations is directly centered around mobile devices, you could always use a different hardware authentication mechanism such as a FIDO key.

 

Wrap-Up

That wraps up our questions from this panel event. As always, if you have follow-up questions or you asked a question that you do NOT see on the list above, feel free to reach out to Andy (our moderator for the event) on Mastodon, or you can email sales@hornetsecurity.com for more information as well!

Thanks for reading!