A Guide to Effective Cybersecurity Risk Management

A CEO’s mission is increasingly dependent on technology. If you’re a C-level executive, you know that any disruption to your information systems can interrupt your operations, disrupt your supply chain, damage your reputation and compromise customer data and intellectual property. According to the 2017 Cost of Data Breach Study by the Ponemon Institute, the global average cost of a data breach is $3.62 million.

Important Cyber Risk Management Concepts

Involve Cyber Risks in Current Risk Management and Governance Processes

Cybersecurity is more than enforcing a checklist of requirements – cybersecurity is about being aware of and understanding current threats.

Start Cyber Risk Management Discussions With Your Team

Interact regularly with those who are responsible for managing cyber risks within your organization. By increasing your awareness of the potential threats to your business, you will better understand the impact a cyber incident could have upon it.

Enforce Industry Standards and Best Practices – Do Not Depend Upon Compliance

A robust cybersecurity program takes industry standards and best practices into account to safeguard systems and track potential problems; it also notes new threats and allows timely response and recovery.

Analyze and Control Particular Cyber Risks

Determining critical assets and the related impacts of cyber threats is important to understanding an organization’s exposure to risk – whether competitive, reputational, financial or regulatory. Risk assessment results help executives identify and prioritize particular protective measures, assign resources, inform long-term investments and implement policies and strategies.

Provide Oversight and Review

Executives are responsible for overseeing enterprise risk management. Managing cyber activities involves the continuous evaluation of cybersecurity budgets, IT outsourcing, cloud services, incident reports, IT acquisition plans, risk assessment results and top-level policies.

Develop and Track Incident Response Plans

Even a secure organization will, at some point, need to be prepared to address and control cyber threats and deal with cyber incidents. Network security should be an equal priority to other risks, such as those involving finances and reputation.

Incident response plans are the answer to “What is plan B?” and should be practiced every day.

Coordinate Cyber Incident Response Planning Throughout the Organization

Responding quickly to cyber incidents can prevent or limit possible damage and requires coordination with your business leaders and stakeholders – this includes the chief information officer, the chief security officer, operators, the general counsel, the chief information security officer, public affairs and human resources. Make sure you integrate cyber incident response policies and procedures with current disaster recovery and business continuity plans.

Keep Up Awareness of Cyber Threats

Evaluating, managing and improving the cyber risk management process, embedding risk data from different sources, and actively participating in threat information sharing with partners help organizations find and respond to incidents quickly and ensure that they are prepared to mitigate threats.

Risk Management Process

You should begin with a cybersecurity framework structured around each area of the business to ensure an ideal risk posture.

Guidance Software advises using new technologies that can identify and map data throughout the enterprise. Once data is mapped, enterprises can make actionable decisions on how to govern it and minimize their risk footprint. For instance, even with cybersecurity training and a stable security culture, confidential information can leave an enterprise simply by accident (e.g., data stored in hidden rows in spreadsheets or included in the notes of employee presentations or in lengthy email threads). Scanning the business for essential data at rest and then eliminating any data stored where it does not belong helps to minimize accidental data loss.

Deloitte advises that the risk management process takes into account the five-level Capability Maturity Model approach:

  1. Initial (ad hoc, chaotic, individual heroics): the starting point, an undocumented process that is repeated ad hoc
  2. Repeatable: the process is documented well enough that the same steps can be repeated
  3. Defined: the process is defined and confirmed as a standard business process
  4. Controlled: the process is quantitatively managed according to agreed-upon metrics
  5. Optimizing: process management involves deliberate process optimization and improvement

Once the target risk posture has been decided, scrutinize the enterprise’s technology infrastructure to establish a baseline for the current risk posture and to understand what the enterprise needs in order to move from its current state to the required state of risk exposure.

If these proactive steps are taken, there will be less risk exposure and less potential to fall victim to a cyberattack.

Deloitte also advises performing a risk/reward calculation, then standardizing those network security enhancements to achieve the greatest improvements at minimal cost. There should be incremental steps and goals, like five percent improvement within five months, that can be calculated to measure whether the enterprise is moving toward its desired cybersecurity risk posture.

Regular Process

Cybersecurity risk management is a continuous process; the National Institute of Standards and Technology (NIST) Framework is a helpful “living document” that is continually revised and updated as per requirements. Once an enterprise performs its original risk assessment and progresses from the existing to the desired risk posture, periodic or regular assessments should be performed to look for new vulnerabilities that will need to be addressed and managed.

Marketing Companies Exploit a Flaw in Browsers’ Built-In Password Managers to Track Users

A group of researchers from Princeton’s Center for Information Technology Policy has discovered that at least two marketing companies, AdThink and OnAudience, are exploiting an 11-year-old vulnerability in major browsers to track visitors.

The researchers discovered that the marketing firms have started exploiting a flaw in browsers’ built-in password managers that allows them to secretly collect users’ email addresses. The gathered data allows them to target advertising across different browsers and devices.


Of course, the same flaw could be exploited by threat actors to steal saved login credentials from browsers without requiring any user interaction. Every major browser (Google Chrome, Mozilla Firefox, Microsoft Edge and Opera) implements a built-in password manager that allows users to save login information for automatic form filling.

The researchers from Princeton’s Center for Information Technology Policy discovered that both AdThink and OnAudience are exploiting the built-in password managers to track visitors of around 1,110 of the Alexa top 1 million sites across the Internet.

“We found two scripts using this technique to extract email addresses from login managers on the websites which embed them. These addresses are then hashed and sent to one or more third-party servers. These scripts were present on 1110 of the Alexa top 1 million sites,” states the analysis from Princeton’s Center for Information Technology Policy.

The experts found third-party tracking scripts on these websites that inject invisible login forms into the background of the webpage; the browsers’ password managers are tricked into auto-filling these forms with the saved credentials.

The scripts then read the username and send it to third-party servers after hashing it with the MD5, SHA1 and SHA256 algorithms; these hashed values serve as the identifier for a specific user. Typically, a tracker uses the hashed email address as the user’s ID.

“Login form autofilling in general doesn’t require user interaction; all of the major browsers will autofill the username (often an email address) immediately, regardless of the visibility of the form.” continue the researchers.

“Chrome doesn’t autofill the password field until the user clicks or touches anywhere on the page. Other browsers we tested don’t require user interaction to autofill password fields.”


“Email addresses are unique and persistent, and thus the hash of an email address is an excellent tracking identifier,” the researchers said. “A user’s email address will almost never change—clearing cookies, using private browsing mode, or switching devices won’t prevent tracking.”

Third-party password managers such as LastPass and 1Password are not exposed to this tracking technique because they do not auto-fill invisible forms and, in any case, require user interaction before filling.
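The tracking technique described above has a simple signature on the page itself: a username-plus-password form that no human could ever see, usually inserted after the page has loaded. The following script is an added example (not code from the article or from the Princeton researchers) of a defender-side check for that signature. It can be pasted into a browser console to report invisible login forms on a live page; the classification logic is kept separate from DOM access so it can also be run against constructed form descriptors offline. The field names in the descriptors and the visibility thresholds are this example’s own assumptions.

```javascript
// Added example (not from the original article): a defender-side check for
// invisible login forms of the kind that tracking scripts inject to abuse
// browser autofill. The descriptor shape and thresholds are assumptions made
// for this example.

// A form counts as invisible when CSS hides it, it has no rendered size, or it
// is positioned far outside the viewport (the classic "-9999px" trick).
function isInvisible(box) {
  const { display, visibility, opacity, width, height, top, left } = box;
  if (display === 'none' || visibility === 'hidden') return true;
  if (Number(opacity) === 0) return true;
  if (width <= 0 || height <= 0) return true;
  if (top < -1000 || left < -1000) return true;
  return false;
}

// Classify one form descriptor. Only login-style forms (username/email field
// plus password field) that are invisible are flagged; injection after load
// is recorded because a tracker adds its form after the page has rendered.
function classifyForm(form) {
  const loginLike = form.hasUsernameField && form.hasPasswordField;
  if (!loginLike) return { suspicious: false, reason: 'not a login form' };
  if (!isInvisible(form.box)) return { suspicious: false, reason: 'visible login form' };
  return {
    suspicious: true,
    reason: form.injectedAfterLoad
      ? 'invisible login form injected after page load'
      : 'invisible login form present in page markup',
  };
}

function findSuspiciousForms(forms) {
  return forms.map((f) => ({ ...f, ...classifyForm(f) })).filter((f) => f.suspicious);
}

// Browser-only collector: builds descriptors from live DOM forms.
// loadedFormCount is how many forms existed when the page first rendered;
// any form beyond that index was inserted later by a script.
function collectForms(doc, win, loadedFormCount = 0) {
  return Array.from(doc.querySelectorAll('form')).map((el, i) => {
    const cs = win.getComputedStyle(el);
    const r = el.getBoundingClientRect();
    return {
      id: el.id || `form#${i}`,
      hasUsernameField: !!el.querySelector(
        'input[type="email"], input[type="text"], input[autocomplete="username"]'),
      hasPasswordField: !!el.querySelector('input[type="password"]'),
      injectedAfterLoad: i >= loadedFormCount,
      box: { display: cs.display, visibility: cs.visibility, opacity: cs.opacity,
             width: r.width, height: r.height, top: r.top, left: r.left },
    };
  });
}

// Constructed sample: what a scan might return on a page carrying a tracker.
const SAMPLE_FORMS = [
  { id: 'site-login', hasUsernameField: true, hasPasswordField: true, injectedAfterLoad: false,
    box: { display: 'block', visibility: 'visible', opacity: '1', width: 320, height: 120, top: 200, left: 40 } },
  { id: 'search', hasUsernameField: true, hasPasswordField: false, injectedAfterLoad: false,
    box: { display: 'block', visibility: 'visible', opacity: '1', width: 200, height: 30, top: 10, left: 10 } },
  { id: 'tracker-form', hasUsernameField: true, hasPasswordField: true, injectedAfterLoad: true,
    box: { display: 'block', visibility: 'visible', opacity: '1', width: 0, height: 0, top: -9999, left: -9999 } },
];

if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  // In a browser console: report findings for the live page.
  console.table(findSuspiciousForms(collectForms(document, window)));
} else {
  // Offline: run against the constructed sample.
  console.log(findSuspiciousForms(SAMPLE_FORMS));
}
```

On the constructed sample only `tracker-form` is reported, because the site’s own login form is visible and the search form has no password field. In a real deployment the `loadedFormCount` argument should be captured once at page load (for example from a `DOMContentLoaded` handler) so that forms added later by third-party scripts stand out.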

Users can test the tracking technique using a live demo page created by the researchers.

The researchers’ list of sites embedding scripts that abuse the login manager for tracking also includes the website of M5S founder Beppe Grillo (beppegrillo.it).

Anonymous Hacked Speed Camera Database and Took Over the Police Systems

Last week, Anonymous hacked a speed camera database in Italy: the hacktivists took control of a local police computer system in Correggio, Italy and erased the entire archive of speed camera tickets. The hackers also released internal emails and documents.

The hackers provided screenshots of the attack to several Italian newspapers; it seems they wiped an entire archive containing 40 gigabytes of infringement photographs.


The Anonymous hackers sent a message using the e-mail account of the Correggio municipal police.

“Ho Ho Ho, Merry Christmas,” read the message from Anonymous.

The message announced the hack of the Concilia database and of the system developed by the company Verbatel; it also included links and passwords to download them.

The message includes screenshots of the hack; one of them shows a Windows command line likely belonging to the hacked computer of the Correggio municipal police.

Two images show claims from two motorists complaining that they received tickets from Correggio speed cameras, even though they had never passed through the area.

Emails between police administrators and local politicians discussed how the speed camera profits were to be distributed.

One of the screenshots relates to an email sent by an employee at the Correggio data center, who explains that he restored the Concilia DB from a backup dated Dec. 5 because of a serious problem.

The police are still investigating the case.

Top 10 Cyber Attacks and Critical Vulnerabilities of 2017

The year 2017 saw many sophisticated cyber attacks that had a huge impact on organizations as well as individuals. Here are the top 10 cyber attacks and critical vulnerabilities that played a major role in 2017. Ransomware continues to dominate the cyber security world.

Wannacry

WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0 and Wanna Decryptor) is a family of ransomware that targets Microsoft Windows systems using the SMB exploit leaked by the Shadow Brokers; it encrypts data and demands ransom payments in the cryptocurrency Bitcoin.

The attack started on 12 May 2017 and infected more than 300,000 computers in over 150 countries, which makes it one of the biggest ransomware cyber attacks the world has ever faced.

Petya

In June 2017 the ransomware known as “Petya” attacked a large number of countries across the globe, affecting many banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France, India and elsewhere.

The ransomware attack started in Ukraine, where the government, banks, the state power utility, Kiev’s airport and the metro system were badly infected by Petya, and then spread across the world.

Locky

The onset of the Locky ransomware campaign was thought to be evolutionary, but over time the campaign has grown to be revolutionary.

Recently, 711 million email addresses were found to have been leaked onto the internet by the Onliner spambot. The massive dump was found to be consistent with recent Locky malspam activity.

The countries hosting the most attack servers are Vietnam, India, Mexico, Turkey and Indonesia.

Krack Attack

A critical weakness in the widely trusted WPA2 Wi-Fi protocol allows any Wi-Fi network to be broken using the Key Reinstallation Attack (KRACK); this flaw gives an attacker within range of the network the ability to compromise a victim’s Wi-Fi traffic.

The KRACK attack allows an attacker to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.

An attacker accomplishes the KRACK attack by performing a man-in-the-middle attack and forcing network participants to reinstall the encryption key used to protect WPA2 traffic.

Sambacry

Linux machines were hijacked through the SambaCry flaw, a vulnerability exploited via network shares on which the attacker has write permission.

Once the SambaCry payload has been injected into the Linux server, it obtains root (superuser) privileges.

Attackers used the SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server.

Blueborne

The BlueBorne attack lets attackers gain complete control over your device, and from your device they can move into corporate networks and even into highly secured air-gapped computers.

This attack spreads through the air and targets Bluetooth devices. All Bluetooth-enabled mobile, desktop and IoT operating systems, including Android, iOS, Windows and Linux, are vulnerable.

DUHK Attack

The DUHK attack allows hackers to recover encryption keys and decrypt encrypted web traffic.

DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions.

VLC Player

A cyber attack spreading through malicious subtitles, downloaded by the victim’s media player, threatens more than 200 million vulnerable machines worldwide and leads to complete takeover of the infected machine.

The attack is delivered when movie subtitles are loaded by the user’s media player; the victim is tricked into downloading the malicious subtitle file.

Grabos Malware

Android malware called “Grabos” was found in 144 Google Play apps and is considered one of the largest mass-distribution Play Store malware campaigns, given the huge number of apps involved.

It is no surprise now to see a malicious app on the Google Play Store; hackers continue to evade Google’s safety checks and even earn high ratings.

Most of the apps were uploaded in August and October; in a short span they reached between 4.2 million and 17.4 million downloads and an average rating of 4.4.

Apache Struts

Apache Struts is a free and open-source framework used to build Java web applications. This is not the first remote code execution vulnerability discovered in Apache Struts.

The vulnerability enables attackers to obtain total control over the server on which the application is hosted and to cause widespread damage.

An attacker could upload a malicious file and obtain control over an application after gaining remote code execution rights on the target’s Struts-based application server.

Apple Working on Patch for New Year's Eve macOS Flaw

A security expert who uses the online moniker Siguza has made public the details and proof-of-concept (PoC) code for a local privilege escalation vulnerability affecting all versions of the macOS operating system. The flaw, which the researcher described as a “zero day,” allows a malicious application installed on the targeted system to execute arbitrary code and obtain root privileges.

Apple is working on patching the vulnerability and has shared some mitigation advice until the fix becomes available.

“Apple is committed to the security of our customers’ devices and data, and we plan to patch this issue in a software update later this month,” Apple said in a statement emailed to SecurityWeek. “Since exploiting the vulnerability requires a malicious app to be loaded on your Mac, we recommend downloading software only from trusted sources such as the Mac App Store.”

The flaw affects IOHIDFamily, a kernel extension designed for human interface devices (e.g. touchscreens and buttons). Siguza discovered that some security bugs in this component introduce a kernel read/write vulnerability, which he has dubbed IOHIDeous.

The exploit created by the hacker also disables the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI) security features.

The PoC exploit is not stealthy as it needs to force a logout of the legitimate user. However, the researcher said an attacker could design an exploit that is triggered when the targeted device is manually rebooted or shut down.

Some of the PoC code made available by Siguza only works on macOS High Sierra 10.13.1 and earlier, but the researcher believes it can be adapted for version 10.13.2 as well.

The vulnerability has been around since at least 2002, but it could actually be much older.

Siguza says he is not concerned that malicious actors will abuse his PoC exploit as the vulnerability is not remotely exploitable. The hacker claims he would have privately disclosed the flaw to Apple had it been remotely exploitable or if the tech giant’s bug bounty program covered macOS.