Securing The Most Vulnerable Asset - Human

Humans are viewed as the most susceptible link in the People-Process-Technology triad. Even with robust security solutions such as Intrusion Detection Systems (IDS) or firewalls in place, your weakest link could let attackers bypass the security controls. Cybercriminals always take advantage of the fact that people are more likely to make mistakes, whether through intentional action, unintentional action or lack of action. According to the Human Factor 2019 report, 99% of cyber-attacks require some level of human interaction to execute.

Trends like flexible working and personal device usage amidst the new normal have completely changed user behaviour. It has also been observed that most employees do not restrict their family members and friends from accessing their work devices, which may create a myriad of cybersecurity risks for organizations. That’s why most security professionals think that employees' inattention to security practices is putting enterprises at risk. They believe that employees can easily misuse their access to reveal, erase or alter business-critical information. As per the 2020 Data Breach Investigation Report from Verizon, 30% of breaches involve internal actors. This indicates and proves (to a great extent) that insider threats pose a significant risk to the cybersecurity of an organization.

How Cybercriminals Target Humans

Phishing, Social Engineering & Business Email Compromise are the most common cyber threats posing a serious concern for organizations globally. These attacks have a high success rate as humans are the first contact point. Let’s have a close look at each cyber threat.

  • Targeted Phishing attacks have increased at an incredible speed since businesses have started to continue operations remotely. The remote locations do not have adequate security measures in place to counter the ongoing threats, which make employees more prone to cyber risks. Cybercriminals are leveraging the current situation by flooding remote workforce with COVID-19 themed phishing emails intending to steal credentials, data and gain access to critical business resources. They are also imitating the most renowned brands like Apple, PayPal & Netflix to launch phishing campaigns.
  • Social Engineering is another common method used by attackers to target people and businesses. It involves human psychological manipulation to trick them into making mistakes like giving credentials to access corporate data/systems, providing critical information, etc. This attack generally happens in several stages. Initially, cybercriminals gather required information about the target through social media websites like Facebook, Twitter, LinkedIn, Instagram, etc. Then, they establish a relationship with the target. Once the trust is built, they communicate further to exfiltrate the data.
  • Business Email Compromise (BEC) is the most sophisticated form of phishing that utilizes social engineering tactics to manipulate and trick victims. The attackers implement techniques like display-name spoofing, domain spoofing and lookalike domains to execute BEC attacks. These attacks revolve around impersonation in which the attacker takes over the email account of someone the victim trusts. This could be a senior-level executive of the same organization or a trusted counterparty. When the victim receives the email, it seems like a legitimate & usual business request. Consequently, the victim processes the request without having any idea about what is going on in the backend.
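The three BEC techniques named above (display-name spoofing, domain spoofing and lookalike domains) can each be checked from the headers of an inbound message. The following Python sketch is an added example, not part of the original article; the trusted domains, the protected executive name and the sample messages are constructed, and it assumes the receiving mail gateway stamps its own `Authentication-Results` header and strips any supplied by the sender.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: our own domain, a trusted counterparty, and the
# executive whose name attackers are likely to put in the display name.
TRUSTED_DOMAINS = {"example.com", "partner.example"}
PROTECTED_NAMES = {"priya sharma": "priya.sharma@example.com"}

# Digit-for-letter swaps often used to build lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain):
    """Fold visually confusable characters so 'examp1e' and 'example' match."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def assess(raw_message):
    """Return the list of BEC indicators found in one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = (msg.get("Authentication-Results") or "").lower()
    findings = []
    # Display-name spoofing: a protected name on an address that is not theirs.
    expected = PROTECTED_NAMES.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        findings.append("display-name-spoofing")
    # Domain spoofing: our exact domain in From, but DMARC did not pass.
    if domain in TRUSTED_DOMAINS and "dmarc=pass" not in auth:
        findings.append("domain-spoofing")
    # Lookalike domain: close to, but not equal to, a trusted domain.
    imitated = lookalike_of(domain)
    if imitated:
        findings.append("lookalike-domain:" + imitated)
    return findings


AUTH = "Authentication-Results: mx.example.com; dmarc=%s\n"
SAMPLES = {  # constructed messages, one per technique plus a clean one
    "legit": "From: Priya Sharma <priya.sharma@example.com>\n" + AUTH % "pass"
             + "Subject: Q3 review\n\nAgenda attached.\n",
    "display": 'From: "Priya Sharma" <ceo.office@freemail.test>\n' + AUTH % "pass"
               + "Subject: Urgent payment\n\nPlease process today.\n",
    "spoofed": "From: Priya Sharma <priya.sharma@example.com>\n" + AUTH % "fail"
               + "Subject: Urgent payment\n\nPlease process today.\n",
    "lookalike": "From: Accounts <billing@examp1e.com>\n" + AUTH % "pass"
                 + "Subject: Updated bank details\n\nSee new account.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, assess(raw))
```

None of these checks catches a genuinely taken-over mailbox, which sends from the real address with passing authentication; that case needs out-of-band verification of the request itself.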

How to Mitigate Human Vulnerability

Recommended security controls can be followed to mitigate the risk of employees becoming the victims of cyberattacks:

  • Initiate a security awareness program to enhance security, reduce errors and prevent damage to brand reputation.
  • Identify your VAPs (Very Attacked People) as they highlight significant areas of risk to the business.
  • Conduct a regular risk assessment of employees to mitigate cyber risks.
  • Provide in-depth security training to help employees recognize phishing emails and other growing cyber threats.
  • Encourage employees to follow best practices of proper password management.
  • Actively manage and monitor the privileged accounts of your organization.
  • Appreciate those who follow proper cybersecurity hygiene throughout the organization.

The need of the hour for organizations is to follow a people-centric cybersecurity approach that includes an effective security awareness program. Investment in the training of employees will make them aware of the increasing cyber threat landscape and help them to react accordingly if they are hit with a cyberattack. Also, improving cybersecurity understanding among employees will help organizations meet regulatory compliance requirements.

Don’t Get Phished in the Rising Tide of Phishing

Phishing is one of the escalating and hard-to-detect threats for all Internet users as it does not seem malicious at first look. Over the last few months, its frequency and intensity have increased significantly. Researchers from Barracuda Networks reported that COVID-19 related phishing attacks have increased by 667% since the end of February 2020. Cybercriminals are leveraging the amplified focus on COVID-19 to deliver malware and scam victims out of money. They are also using renowned brands to trick people and steal sensitive information like personal data and login credentials. As per the Q1 2020 Phishing Report from Check Point, Apple, Netflix, Yahoo, WhatsApp & PayPal are the top 5 mimicked brands for phishing attempts.

This tremendous growth in phishing attempts is posing a great challenge for organizations as a majority of businesses are running remotely. Thus, organizations must understand different phishing techniques and thereafter make employees aware of them through proper security awareness training.

Different Phishing Techniques

Deceptive Phishing

This is the most common phishing attack, in which attackers impersonate a legitimate organization to make victims believe that the received email originated from an authentic source. Such emails come with a sense of urgency, i.e. requesting users to take immediate action, such as logging in to change a password or resolving a payment failure.

Spear Phishing

It is an in-depth version of deceptive phishing that incorporates specialized information about the victim. For instance, it might include information about employees within an organization or personal details of the targeted entity. This helps threat actors make victims believe that they have a connection with the sender. Social media websites are common sources for attackers to get relevant information about the target.

Clone Phishing

In such phishing attacks, cybercriminals create an identical copy or clone of the legitimate, previously transferred email messages and then replace the attachment with a malicious file or link it to an infected URL. When the victim receives the infected email, it appears to come from the original sender. Therefore, it is much harder to detect than other common phishing attacks.
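Because a clone reuses the text of a message the recipient has already seen, a mail filter can fingerprint message bodies with their links masked and flag a later message whose text matches but whose link hosts or attachment contents differ. The Python sketch below is an added example, not part of the original article; the class name, message ids and sample messages are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def body_fingerprint(body):
    """Hash the body with URLs masked and whitespace/case normalized, so a
    clone that only swaps a link still maps to the original's fingerprint."""
    masked = URL_RE.sub("<url>", body)
    normalized = " ".join(masked.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def link_hosts(body):
    """Set of hostnames referenced by links in the body."""
    return {urlsplit(url).hostname for url in URL_RE.findall(body)}


def attachment_digests(attachments):
    """SHA-256 of each attachment's bytes; filenames are ignored on purpose,
    because a clone keeps the familiar filename and changes the content."""
    return {hashlib.sha256(data).hexdigest() for data in attachments.values()}


class CloneDetector:
    """Remembers the first message seen per body fingerprint (hypothetical helper)."""

    def __init__(self):
        self.seen = {}  # fingerprint -> (hosts, digests, message id)

    def check(self, msg_id, body, attachments):
        """Return None for a new or unchanged message, else a finding dict."""
        fp = body_fingerprint(body)
        hosts = link_hosts(body)
        digests = attachment_digests(attachments)
        if fp not in self.seen:
            self.seen[fp] = (hosts, digests, msg_id)
            return None
        old_hosts, old_digests, old_id = self.seen[fp]
        reasons = ["link-host-changed:" + h for h in sorted(hosts - old_hosts)]
        if digests - old_digests:
            reasons.append("attachment-changed")
        # An exact resend (same links, same files) is not reported.
        return {"clone_of": old_id, "reasons": reasons} if reasons else None


# Constructed sample messages: an original and a clone with swapped content.
ORIGINAL_BODY = (
    "Hi team,\nThe March invoice is attached.\n"
    "Portal: https://portal.example.com/invoices/1042\nRegards, Accounts"
)
CLONE_BODY = ORIGINAL_BODY.replace(
    "https://portal.example.com/invoices/1042",
    "https://portal.example.com.invoices.test/1042",
)
ORIGINAL_FILES = {"invoice.pdf": b"%PDF-1.4 constructed original"}
CLONE_FILES = {"invoice.pdf": b"%PDF-1.4 constructed replacement"}

if __name__ == "__main__":
    detector = CloneDetector()
    print(detector.check("msg-001", ORIGINAL_BODY, ORIGINAL_FILES))
    print(detector.check("msg-002", CLONE_BODY, CLONE_FILES))
```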

Whaling

This type of phishing attack is directed to target high-profile, senior-level executives of an organization with the aim of stealing money, sensitive information or gaining access to their computer systems. Cybercriminals masquerade themselves as a senior employee like Finance Manager or Board Member and send malicious emails containing relevant information gathered online to the target employees.

How Victim Gets Infected

                                                             

 

Data Compromised During A Phishing Attack

  • Personal Identifiable Information like complete names, residential addresses, birthdates, social security numbers etc. This could be used for identity theft.
  • Financial Information like credit/debit card numbers, bank account numbers, etc. Hackers can utilize this data to steal money and commit fraud.
  • Company Information like ongoing projects, partner & client information, sales database, etc.
  • Contact Numbers help cybercriminals to bypass the two-factor authentication as well as launch smishing campaigns.
  • Usernames and Passwords let attackers log in to your personal and corporate accounts and cause severe damage.

How to Deal with Phishing

Recommended security controls for organizations to combat the increasing phishing attacks:

  • Implement two-factor authentication (MFA) as it adds an additional layer of security while logging into critical applications or resources.
  • Use email filters to highlight high-risk email messages.
  • Implement Anti-Phishing or complete Email Security solutions to prevent phishing emails from reaching the inboxes of your employees.
  • Use a robust web application firewall to block malicious requests.
  • Conduct security awareness programs to keep employees aware of the possible threats.

Recommended security practices for employees to avoid falling prey to attackers:

  • Never click on links or download attachments from unknown or unauthorized sources.
  • Never send critical information like credit/debit cards pin or internet banking credentials over email or text.
  • Always look for red flags like generic greetings, spelling and grammatical errors, urgent action requests, wrong logo, etc. in suspicious emails.


The Cyber Security Practice of Tata Advanced Systems is constantly supporting businesses to transform their cyber defence and continue operations in a secured environment through its comprehensive cybersecurity services. 
To know more about our offerings, reach us at contactcs@tataadvancedsystems.com

 

Remote SOC: A Challenge for Security Professionals

As the COVID-19 outbreak has forced the global workforce to stay home, most organizations have established work from home policies to maintain business continuity and productivity. This immediate shift has raised challenges for the security operations team to stay connected and overcome the possible risks in this critical time. Since personal devices and networks are more prone to cyber-attacks, the global pandemic is giving C-Level executives as well as SOC managers sleepless nights.

CERT-In, in its latest advisory, notified that there has been a substantial rise in the number of cyberattacks on personal computers, routers and networks as most of the security professionals are working from home.

When it comes to the security operations center (SOC), it is important to discover how to achieve effective remote SOC operations. The only key to the success of this transformation (from on-site to remote) is “security”. Whether the teams are working on-premises or remotely, the basics of maintaining an effective SOC will remain the same.

Secured Devices

An on-site SOC is contained in an environment with advanced cyber as well as physical security measures because of the nature of the information that resides in it. Since it is not possible to deliver the same set of security procedures to each team member's residence, remote SOC becomes a bit challenging. Therefore, each analyst’s device (including the home router) must be configured carefully and given secured access (preferably via VPN) to SOC resources.

Most security researchers believe that multifactor authentication must be implemented while requesting access to such critical resources. They also suggest that blacklisted IPs should be removed and monitoring tools must be retrained for new user behaviors.

Proper Communication

Communication and Collaboration are among the most crucial parts of successful SOC operations. They become even more important when everyone operates remotely. The information must be shared regularly through collaboration tools used for group chats, conference calls, or videoconferencing. It is also vital to ensure that the information is shared over a secured platform, preferably an internal platform, as business-critical information cannot be shared over a public messaging platform. This will help in preventing the exploitation of intellectual property in case it gets compromised.

It is also important to ensure that your entire network is secured with a VPN as it encrypts the traffic and makes it difficult for the intruder to read.

A good communication plan could be:

  • Ensure that appropriate notifications are set up and reaching the relevant teams
  • Ensure that the contact information of each team member is updated (including both work and personal phone numbers and email addresses)
  • Provide a contact matrix for information on who to contact on different issues that could arise

Update IR (Incident Response) Plan

As it is uncertain how long WFH will continue, it becomes important to focus on response planning, adversarial threat modeling, and vulnerability/patch/remediation management. Senior executives and managers need to reassess the cybersecurity incident response strategies, particularly for triaging events and collecting artifacts.

How TASL Is Driving SOC Services Amidst Global Pandemic

We know that security is not the only thing that needs attention when talking about a remote security operations center. Confidentiality, Integrity and Availability also need to be addressed at the same time. In the midst of this COVID-19 situation, we believe that every security analyst needs to be available and perform their respective duties to keep the SOC operational.

Our “Martial” – Next Gen SOC provides next-level assurance of protection and security in a world where cyber-attacks can now affect almost every aspect of our lives both personally and professionally. It embraces security controls like multi-factor authentication, strong encryption over data transmission, and real-time collaboration solutions that enable SOC professionals working remotely to support businesses so they can continue to function and maintain productivity in this critical time.

We are dedicated to seamlessly improve your organization's security posture and make you future-ready against all advanced and complex threats, regardless of the circumstances.

Trust in us with confidence!!

Mobile Security – A Growing Concern For Businesses & The Impact Of Pandemics

“Mobile device productivity comes at a price — increased security risks.” As mobile security threats are escalating in number as well as evolving in scope, both individuals and enterprises need to understand common threat vectors and prepare for the next generation of malicious activities. Presently, there are more than 6.8 billion smartphone users in the world. As our dependency on mobile devices increases over time, so does the data security and thus, the motivation for cybercriminals.

The rapidly growing global momentum of mobile usage has made “mobile security” more critical than ever. It is astonishing to know that mobile accounts for approximately half of the web traffic across the globe. In the fourth quarter of 2019, mobile devices (not including tablets) generated 52.6% of global website traffic. And, if we talk about India, it is estimated that there will be 829 million smartphone users by the end of 2022, according to Cisco’s 13th annual Visual Networking Index (VNI). Additionally, in Myanmar, there were approximately 61.14 million mobile subscriptions in 2018.

As per the combined report submitted by US tech giant Google, Singapore wealth fund Temasek and consultancy firm Bain & Co, Southeast Asians are the most engaged mobile Internet users in the world. The region’s Internet economy has reached $100 billion in sales in 2019 and is ready to hit a mark of $300 billion in 2025. Also, the adoption rate of digital payments has grown at an exceptional speed and the market is expected to cross a mark of $1 trillion by 2025.

From the security point of view, these numbers are good enough to draw cybercriminals’ attention. More users mean more vulnerable endpoints for hackers to exploit. Lack of awareness of device vulnerability is one of the main reasons for increasing cyber threats targeting mobile devices.

As per Symantec, India (after the US) was the top country for mobile malware (23.6%) in 2018. Phishing attacks, malicious applications, data leakage, malware-infected files, etc. are some of the troubles that each organization is struggling to fight. Mobile applications create another path into organizations’ networks, allowing hackers and swindlers to transmit malicious code. This could further lead to data breaches, public disclosure of sensitive information, or compliance violations. As a result, most organizations have now recognized mobile device threats and vulnerabilities, and understood that they need proper security protection.

“As per the report from Verizon, 87% of financial services companies said that cybercriminals see them as a more lucrative target than other sectors.”

If we take an example of the BFSI industry, mobile banking has completely transformed the banking sector. According to RBI’s report 2017-2018, mobile banking services increased to 92.6% from 88.9% in the previous year.

But with that growth comes a whole new set of threats (or possible risks). Third-party mobile banking applications, unsecured wireless networks, mobile malware, and risky user behaviour are some of the risks that have created a concern for security officials. A report from Kaspersky Lab reveals that mobile banking malware is increasing at an alarming rate. In the first quarter (Q1) of 2019, it detected around 30,000 installation packages for mobile banking Trojans, which was 11,000 more than in Q4 of 2018.

How Pandemic Impacts Mobile Security

“Not everything is under human control.”

Since COVID-19 has been declared a pandemic by the World Health Organization, hackers are using the hype and fear connected to this deadly virus. They are well aware of the fact that people are struggling to carry out basic essential transactions and visit their nearest banks. The situation has forced people to use alternative methods like internet banking, mobile wallets, UPI, etc. for making payments, which has significantly increased the number of electronic transactions made per day worldwide. Cybercriminals are viewing the current outbreak as an opportunity to launch malicious campaigns and infiltrate mobile devices to steal critical user data like credit/debit card information and banking credentials.

In a recent analysis, performed by Domain Tools (a threat intelligence firm), it was revealed that hackers have been deploying Android ransomware known as CovidLock, which appears to be a COVID-19 information tracker but is intended to lock targets' screens until they pay a ransom.  

Also, the researchers from Avast have issued an alert regarding an increase in COVID-19 themed mobile malware. They said, “attackers are releasing malicious applications that claim to be genuine, but actually they are fake.”

How Enterprises Can Ensure Mobile Security  

Let’s have a look at some of the recommended security practices that every enterprise can follow to ensure mobile security and protect business-critical data against unauthorized users.

  • Implement robust authentication measures
  • Ensure routine updates and data backup
  • Block suspicious applications
  • Continuous monitoring of connected devices
  • Perform regular health checks

Tata Advanced Systems Limited (TASL) is a managed security service provider with over a decade of experience and trusted by leading organizations. Currently, TASL is actively servicing satisfied clients while continuing to truly transform the customer experience, with IT security as their top priority.

At TASL, we help organizations to ensure mobile security through our wide portfolio of services such as Mobile Device Management (MDM), Mobile Application Access (MAA), Data Leakage Protection (DLP) and Identity Right Management (IRM).

To know more about our mobile security services, mail us at contactcs@tataadvancedsystems.com.

 

Building Tech-Driven and People-Enhanced Next Gen SOC

As cybercriminals are becoming more advanced and the cost of cybercrimes is increasing over time, organizations want to have a deeper look at what they are doing today to guard against cyberattacks. The Cyber Security Practice of Tata Advanced Systems Limited completely acknowledges the situation and is constantly helping businesses to protect their brand identity and intellectual property through “Martial” – Next Gen SOC.

We provide next-level assurance of protection and security in a world where cyber-attacks can now affect almost every aspect of our lives both personally and professionally. Martial transforms the cyber defence of your organization and delivers tactical and strategic capabilities to security teams to quickly identify, analyze and respond to security threats. With a powerful vision like an eagle, it provides real-time insights to organizations and helps them understand what is happening inside their security landscape.

Based on our seven-pillar approach, we help organizations to have a 360-degree view of their security posture and respond to threats before they inflict any damage.

Let’s have a look at the seven pillars of our approach.

  • Prevent by Threat Anticipation
  • Threat Detection/Discovery
  • Investigate
  • Response or Containment
  • Remediate/Recover
  • Assess
  • Security Awareness

 

  1. Prevent by Threat Anticipation

The great unknown can be downright terrifying in the world of cybersecurity as it could bring an organization to its knees.  At TASL, our cybersecurity experts collect data from multiple threat intel feeds, then analyze the collected data to prioritize the threats and figure out for which threats we need to prepare now. The analyzed data helps organizations to optimize their threat detection and response capabilities.

Our Threat Anticipation Service uses Global Threat Intel feeds, Vulnerability Advisories, Brand Monitoring, Social Media & Darkweb Monitoring to detect new threats, correlate their impact on assets within your infrastructure and network, and to proactively raise your defence against the emerging threats.

  2. Threat Detection/Discovery

We help detect known threats in real-time using sophisticated rules & correlations with Big Data, EDR, UEBA, PAM, WAF and Next Gen Firewall for real-time correlation, to determine what passes for normal behaviour, and to auto-detect and immobilize suspicious activities before they spread.

We discover evasive threats with the help of the AI & ML cyber analytics platform. We deploy skilled threat hunters for detecting anomaly-based threats like zero-day & targeted attacks, lateral movement, malware, watering hole attack, data exfiltration, etc.

  3. Investigate

We perform an in-depth analysis of threats, their impact on assets, and blast radius with the help of an AI & ML analytics platform. It provides the complete story by correlating different incidents from multiple security tools & solutions, along with historical data/behavior & patterns for each alert with one click, and score-based triage for prioritizing the most critical alerts.

  4. Response or Containment

Post-breach confirmation, the first thing required is to limit the attack to prevent further damage. We quickly implement effective countermeasures to curb the impact of the breach or attack. Particularly, automated platforms are employed to contain the attack with a single click.

  5. Remediate/Recover

Post-containment, our security analysts provide a permanent fix that might include reconfiguring systems, patch application, reconstructing application architecture, etc. to safeguard the infected assets from future attacks.

We evict attackers and eradicate threats using automation and multiple playbooks to remediate and recover swiftly, and we advance your defence with what is learned.

  6. Assess

A constant VAPT exercise and 24x7 SOC monitoring, combining automated platforms with a highly skilled team, are the need of the hour. Together they give a complete view of the security posture and of new and existing vulnerabilities before anything else, and make it possible to take informed action, either by patching or by creating a rule against identified vulnerabilities.

  7. Security Awareness

“You are as secure as your weakest link.”

Humans are considered to be the weakest link in the information security chain. According to a report, 78% of security professionals think that the biggest threat to endpoint security is the negligence among employees for security practices.

The need of the hour for organizations of all shapes and sizes is to give a constant general & targeted security awareness training to all their employees. We, at TASL, provide in-depth training to all the employees to increase the awareness of ever-increasing attack vectors. We conduct regular assessments of employees to minimize cyber risk significantly.

Why Choose TASL?

  • Unrivaled customer satisfaction
  • Rich experience of serving multiple verticals
  • Rapid deployment
  • Reduced operational cost
  • Increased ROI
  • Technology-agnostic approach