Tuesday, August 29, 2023

How? Protecting from Malicious Code

Malicious code is, by definition, an unwanted file or program that can cause harm to a system or compromise its function. We have known it for a long time as viruses, worms and Trojan horses.

How do we protect against malicious code?
  • Install and maintain antivirus software
  • Use caution with links and attachments
  • Block pop-up advertisements
  • Disable media auto-run features
  • Change passwords regularly and keep a different password for each site / application
  • Keep the operating system and software updated
  • Back up data
  • Avoid using public Wi-Fi

Monday, August 28, 2023

Phishing-Resistant MFA

MFA, or Multi-Factor Authentication, is a layered approach to securing physical and logical access in which a system requires a user to present a combination of two or more different authenticators to verify the user's identity. MFA increases security because even if one authenticator is compromised, malicious users will not be able to meet the second authentication requirement and so will not be able to access the account, system or space.

A typical MFA login would require the user to present some combination of the following:
  • Something you know - like a password or PIN
  • Something you have - like a smart card, mobile token or hardware token
  • Something you are - like biometrics (fingerprint or voice recognition)

MFA makes it more difficult for threat actors to gain access to accounts (like Facebook, Instagram and other information systems), devices and network systems even if the user name, password and PIN are compromised through phishing attacks or other means.

With MFA enabled, if one factor is compromised, unauthorized actors will still be unable to access the account if they cannot provide the second factor. This additional layer stops most common malicious cyber techniques.

Organizations must implement MFA for all users on all services they provide access to. Common examples are email, chat, file sharing, etc.

Not all forms of MFA are equally secure. Some are vulnerable to phishing, "push bombing" attacks, exploitation of SS7 protocol vulnerabilities or SIM swap attacks. If successful, these attacks may allow malicious users to obtain MFA authentication credentials or bypass MFA to access MFA-protected systems.

CYBER THREATS TO MFA

Cyber threat actors have used multiple methods to gain access to MFA credentials:

Phishing: Phishing is a form of social engineering in which cyber threat actors use email or malicious websites to solicit information. For example, in a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a threat actor-controlled website that mimics a company's legitimate login portal. The user submits their username and password, as well as the 6-digit code from their mobile phone's authenticator app.

Push bombing (also known as push fatigue): Cyber threat actors bombard a user with push notifications until they press the "Accept" button, thereby granting the threat actor access to the network.

Exploitation of SS7 protocol vulnerabilities: Cyber threat actors exploit SS7 protocol vulnerabilities in communications infrastructure to obtain MFA codes sent via text message (SMS) or voice to a phone.

SIM Swap: SIM Swap is a form of social engineering in which cyber threat actors convince cellular carriers to transfer control of the user’s phone number to a threat actor-controlled SIM card, which allows the threat actor to gain control over the user’s phone.

Recommended forms of MFA implementation, from strongest to weakest:

Phishing-resistant MFA:
  • FIDO
  • Public Key Infrastructure (PKI)-based
App-based authentication:
  • One-time password (OTP)
  • Mobile push notifications with number matching
  • Token-based OTP
App-based authentication:
  • Mobile push notifications without number matching
SMS or voice (weakest)
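The ranking above comes down to one property: whether the second factor is bound to the site the user is actually on. The following Python is an added illustration, not code from this post or from any FIDO or OTP product. It implements RFC 6238 TOTP with the standard library, and models a FIDO/WebAuthn assertion with an HMAC over a per-credential secret standing in for the authenticator's public-key signature (the signed structure, rpIdHash || flags || counter || SHA-256(clientDataJSON), follows WebAuthn). The origins bank.example and bank-login.example and the credential secrets are constructed. The scenario is the relay described under "Phishing" above: whatever the user submits on the look-alike site is forwarded to the real one.

```python
import hashlib
import hmac
import json
import secrets

# --- TOTP (RFC 6238, HMAC-SHA1, 30 s step, 6 digits): the "app-based OTP" tier ---

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Derive the code an authenticator app displays at unix_time."""
    counter = (unix_time // step).to_bytes(8, "big")
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    """The server only checks the digits; it cannot tell where the user typed them."""
    return hmac.compare_digest(totp(secret, unix_time), submitted)


# --- FIDO/WebAuthn-style assertion: the "phishing-resistant" tier (HMAC stands in
#     for the authenticator's public-key signature; this is a model, not a library) ---

def client_data_json(challenge: str, origin: str) -> bytes:
    # The browser, not the web page, fills in the origin the user is really on.
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": origin}, sort_keys=True).encode()


def authenticator_sign(cred_secret: bytes, rp_id: str, cdj: bytes,
                       counter: int = 1) -> tuple[bytes, bytes]:
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + counter.to_bytes(4, "big")
    sig = hmac.new(cred_secret, auth_data + hashlib.sha256(cdj).digest(), hashlib.sha256).digest()
    return auth_data, sig


def verify_assertion(cred_secret: bytes, rp_id: str, expected_origin: str,
                     expected_challenge: str, cdj: bytes, auth_data: bytes, sig: bytes) -> bool:
    """Relying-party checks in the order the WebAuthn spec lists them."""
    try:
        cd = json.loads(cdj)
    except ValueError:
        return False
    if cd.get("type") != "webauthn.get":
        return False
    if not hmac.compare_digest(str(cd.get("challenge", "")), expected_challenge):
        return False
    if cd.get("origin") != expected_origin:         # origin binding: the phishing-resistant step
        return False
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False
    expected = hmac.new(cred_secret, auth_data + hashlib.sha256(cdj).digest(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


# --- Scenario: a look-alike site relays whatever the victim submits to the real site ---

REAL_ORIGIN = "https://bank.example"                # constructed
RP_ID = "bank.example"
PHISH_ORIGIN = "https://bank-login.example"         # constructed look-alike origin


def relay_outcomes(now: int = 1_700_000_000) -> dict:
    """Return whether a relayed login is accepted by the real site for each MFA type."""
    totp_secret = b"12345678901234567890"           # RFC 6238 test-vector secret
    cred_secret = secrets.token_bytes(32)           # constructed per-credential secret

    # 1. TOTP: the victim types the six digits into the look-alike site and the relay
    #    forwards them to the real site inside the same 30 s step. Accepted.
    typed_on_phish_site = totp(totp_secret, now)
    totp_accepted = verify_totp(totp_secret, typed_on_phish_site, now)

    # 2. FIDO: the real site's challenge is relayed to the victim's browser, but that
    #    browser is on PHISH_ORIGIN and records it in clientData. Rejected.
    challenge = secrets.token_urlsafe(32)
    cdj = client_data_json(challenge, PHISH_ORIGIN)
    auth_data, sig = authenticator_sign(cred_secret, RP_ID, cdj)
    fido_accepted = verify_assertion(cred_secret, RP_ID, REAL_ORIGIN, challenge, cdj, auth_data, sig)

    # 3. The same credential used directly on the real site, for comparison. Accepted.
    cdj_ok = client_data_json(challenge, REAL_ORIGIN)
    auth_data_ok, sig_ok = authenticator_sign(cred_secret, RP_ID, cdj_ok)
    fido_direct = verify_assertion(cred_secret, RP_ID, REAL_ORIGIN, challenge,
                                   cdj_ok, auth_data_ok, sig_ok)

    return {"totp_relay_accepted": totp_accepted,
            "fido_relay_accepted": fido_accepted,
            "fido_direct_accepted": fido_direct}


if __name__ == "__main__":
    print(relay_outcomes())
```

Running it prints `{'totp_relay_accepted': True, 'fido_relay_accepted': False, 'fido_direct_accepted': True}`. A real browser goes one step further than this model: a page on bank-login.example cannot even request a credential scoped to the RP ID bank.example, so the authenticator never signs anything for the relay. Number matching for push notifications addresses push bombing the same way, by making the user copy a value shown on the real login screen rather than just pressing "Accept".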

Friday, August 25, 2023

MDM - Solution Providers

There are various solutions that industry leaders provide.

Microsoft Intune: A cloud-based MDM and mobile application management solution that integrates with Microsoft's ecosystem, allowing organizations to manage devices, applications, and data across various platforms.

VMware Workspace ONE: Offers unified endpoint management and integrates with VMware's virtualization technologies, providing a comprehensive solution for managing devices, apps, and data.

Jamf Pro: Primarily designed for Apple devices, Jamf Pro is a leading MDM solution for macOS, iOS, and tvOS devices, providing extensive device management and security capabilities.

MobileIron: Provides MDM, mobile application management, and mobile threat defense to ensure secure mobile device usage within organizations.

IBM MaaS360: Offers comprehensive MDM and enterprise mobility management features, supporting a wide range of device platforms and focusing on security and compliance.

Cisco Meraki Systems Manager: A cloud-based MDM solution that offers centralized management for a variety of devices, with a focus on ease of use and security.

AirWatch by VMware: Part of the VMware Workspace ONE platform, AirWatch provides MDM and mobile application management, supporting a wide range of device types.

BlackBerry Unified Endpoint Manager (formerly BES12): Known for its security features, BlackBerry UEM offers MDM and secure communication for a variety of devices.

Sophos Mobile: Offers MDM and mobile security features, integrating with Sophos' broader cybersecurity solutions.

Citrix Endpoint Management: Provides MDM, mobile application management, and secure file sharing for a wide range of devices.

It's important to evaluate these solutions based on your organization's specific needs, including the types of devices you need to manage, security requirements, scalability, integration with existing systems, user experience, and overall cost. Each solution has its strengths and may be better suited for different use cases and environments.
