Cybersecurity in a Work from Anywhere (WFX) Environment
In 2020, thanks in large part to the COVID-19 virus, the work environment in Europe has shifted, with remote working leading the way. This presents many challenges for IT and security teams as they now must deal with an increase in cyberattacks in less a secure environment. As the UK and other European countries enter […]
ENISA Report Highlights: Guidelines for Securing the IoT
Over the past four years, I’ve been fortunate enough to contribute to several papers produced by the European Union Agency for Cybersecurity (ENISA). ENISA was started in 2004 as a place for industry experts to partner and work together towards the common goal of making Europe more cyber secure. The Agency works closely with both […]
Ryuk Ransomware
OVERVIEW Ryuk ransomware was first discovered in the wild in 2018. It is known for using manual hacking techniques and open-source tools to move laterally through private networks and gain administrative access to as many systems as possible before initiating the file encryption. This ransomware group was one that did not stop attacks on healthcare […]
Typeform Phishing Campaign
OVERVIEW In recent years, phishing campaign comes in different types and forms. The attackers are known to utilize free online tools and a variety of methods in hope to harvest credentials out from the victims. On 16 August 2020, a relatively new spear-phishing campaign was detected which appears to utilize a free online tool – […]
Europe’s 2020 Cybersecurity Evolution: Securing Teleworkers
How cybersecurity of organisations in Europe will change and adapt with teleworking and the migration to the cloud When 2020 arrived, no-one could have predicted nor expected the drastic changes that we are seeing in the light of the COVID-19 pandemic. Not only has the pandemic changed cybersecurity, it has also created a huge paradigm […]
5 Reasons MITRE Framework is Being Adopted by the Industry
Since the MITRE ATT&CK framework was released in 2013, it has become widely used by cybersecurity teams. Built to be complementary to other frameworks, like the Lockheed Martin Cyber Kill Chain, the ATT&CK method (Adversarial Tactics, Techniques & Common Knowledge) was created to be a “foundation for the development of specific threat models and methodologies”. […]
5 Strategies to Stretch Your Cybersecurity Budget
More than ever before, organizations are asking their cybersecurity teams to find savings, delay expenditures and get more value from their budgets. While pushing vendors for price concessions, decreasing pay, or even laying-off employees are options, IT leaders should use the pandemic as an opportunity to rethink their overall approach and find sustainable strategies to […]
WastedLocker Ransomware
OVERVIEW First discovered in May, WastedLocker ransomware is a relatively new strain from the group known as Evil Corp, which was previously associated with the Dridex banking Trojan and BitPaymer ransomware. This ransomware group was brought to our attention with the recent ransomware attack against Garmin. In our research, we discovered why these targeted attacks […]
Phishing in the Wild
OVERVIEW It’s no secret that phishing is one of the most common types of cyberattacks, both to individuals and organizations. According to the 2020 Verizon Data Breach Investigation Report, one out of four breaches involved phishing. So when Proficio’s Threat Intelligence Team received a client request, asking for assistance with a phishing incident, we conducted […]
Proficio Vulnerability and Advisory Report
CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication The purpose of this report is to provide vendor specific advisories and vulnerability information that may be relevant to the security of a device(s) deployed within your network environment. Along with information about the vulnerability related issues, Proficio will provide recommended actions to either resolve, mitigate or workaround […]
10 Ways to Address the Cyber Skills Gap
With all the layoffs and furloughs due to COVID-19, you may be wondering if the shortage of cyber professionals is still a problem. According to Gartner, the answer is yes. Citing the rise in COVID-19 themed cyberattacks, Gartner saw the demand for information security roles surge in February 2020. Industry experts now count the global […]
Reopening Safely – Cybersecurity Recommendations for Organizations Returning to the Office
According to the consulting firm, McKinsey, organizations will need to navigate through the stages of Resolve, Resilience, Return, Reimagination, and Reform during the COVID-19 pandemic. Many organizations are now in the Return stage as they ask their employees to come back to their business locations. The challenge for IT organizations is how to manage the […]