Login
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: November 2020.
In this edition, we follow our preceding McAfee Labs COVID-19 Threats Report with more research and data designed to help you better protect your enterprise’s productivity and viability during challenging times.
What a year so far! The first quarter of 2020 included a rush of malicious actors leveraging COVID-19, and the trend only increased in the second quarter. For example, McAfee’s global network of more than a billion sensors registered a 605% increase in total Q2 COVID-19-themed threat detections. It’s an example of updated pandemic-related threats you can track on our McAfee COVID-19 Threats Dashboard.
This edition of our threat report also looks at other notable Q2 20 malware increases including:
To help ensure your data and systems remain secure, we have also made available the MVISION Insights preview dashboard to demonstrate the prevalence of such current campaigns. This dashboard also provides access to the Yara rules, IoCs, and mapping of such campaigns against the MITRE ATT&CK Framework. We update these campaigns on a weekly basis so, in essence, this threat report has an accompanying dashboard with more detail on specific campaigns.
I certainly hope that you see the value not only in the data presented within the threats report, but also with the dashboards. Your feedback is important to us.
Stay safe.
What a year so far! We exited the first quarter of 2020 battling the rush of malicious actors leveraging COVID-19, and in the second quarter there are no signs that these attacks seem to be abating.
The post McAfee Labs Report Reveals Continuing Surge of COVID-19 Threats and Malware appeared first on McAfee Blogs.
By: Heiko, Senior Security Engineer, Germany
I never could have imagined that what started as a national duty to volunteer in Germany would spark an innate passion of giving back to those in need during a time of crisis.
For many years, German men were required to spend 15 months in the military after graduating from school or volunteer for community service for an equal amount of time over eight years. I chose to volunteer for the Technische Hilfswerk (THW). THW is a civic organization that provides professional help to people in distress.
Little did I know that the experience would be so rewarding that 23 years later, and with the help of McAfee’s Volunteer Time Off (VTO) benefit, I would be spending much of my free time helping those in need of THW’s services.
THW has been instrumental in providing much needed resources during the 2020 coronavirus pandemic, including erecting mobile clinical testing stations across the country and providing critical relief services for front line defense against the virus.
When the hot phase of COVID-19 reached Germany this spring, THW began preparing to build temporary hospital facilities in case the virus threatened to overwhelm hospitals. Temporary camps are built from scratch to house relief units of 500 people and more.
With more than two decades of disaster-response exercises and training behind me, I’ve become very acquainted with constructing these facilities. So, I wasn’t surprised when THW asked me to work with a local fire department to build one to increase the community’s hospital capacity for treating infected patients.
We organized containers with showers and toilets, designed the infrastructure to connect them to the existing water supply, arranged for beds and mattresses and planned needed power requirements. Volunteers assisted in transporting materials and supplies to the facility and assembling the various hospital pieces.
Over the years, volunteering for the THW has become a passion. Many of my best friends are part of the effort, which makes it even more rewarding.
Building the temporary camp was hard and required patience. For two weeks, the 12-hour days were taxing but it was worth it to contribute to the battle against COVID-19.
The spirit of our small group and others kept each of us motivated to meet our goal. Everyone did what he or she could do best, and people from other departments and organizations were willing to be as flexible as possible. I was proud to offer my training at THW to help pull together the community.
Regardless, it wouldn’t have been possible for me to help if not for McAfee’s support. My colleagues and manager chipped in to manage my projects, invoking the true spirit of teamwork.
There is no question that McAfee enables its employees to become a greater part of the community and assist whenever and wherever needed. That benefit makes it even more rewarding to give back to the community.
At McAfee, we encourage and support the efforts of our team members to make a difference in their communities. If you’re interested in joining the McAfee team, we’d love to hear from you.
|
Search Career Opportunities with McAfee Interested in joining our team? We’re hiring! Apply now.Stay Connected For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post One Team Member Selflessly Provides Relief to COVID-19’s Front Line appeared first on McAfee Blogs.
If 2020 has taught us anything, it’s that our ability to think critically about the information we encounter online is now a fundamental life skill we need to learn, practice, and pass on to our offspring. But the actual task of teaching kids how to discern real and fabricated information online these days is easier said than done.
How did the truth get so hard to pin down? In the documentary The Social Dilemma, the answer to that question comes down to two things: Our growing reliance on social media for both human connection and information and the data-based algorithms social networks use to mine and sell data, nurture device dependence, and influence our behavior.
A 2019 Pew Study reveals that 55 percent of US adults get their news from social media either “often” or “sometimes.” A July 2020 Pew Study shows that people who rely on social media for news are less likely to get the facts right about the coronavirus and politics and more likely to hear some unproven claims.
The power of algorithms to deliver customized, manipulative content to a person’s screen is alarming, says Tristan Harris, a former design ethicist at Google, who is featured in The Social Dilemma, adding, “Never before in history have 50 designers made decisions that would have an impact on two billion people.”
On the heels of the recent election, Media Literacy skills will make a difference as false reports are likely to surface in our social feeds in the foreseeable future. For many, the willpower to shut down their social feeds altogether isn’t a viable option. So how do we wade through the veiled forms of manipulation and misinformation taking place all around us online?
One approach is to make a personal commitment to stay alert, slow down, and carefully vet the content you consume, create, or share.
One thing you might consider is making 2021 the year your family masters Media Literacy, a topic we’ve written extensively about on this blog. In short, Media Literacy is the ability to identify different types of content and understand the messages each is sending. Content includes texts, social media memes or posts, videos, television, movies, video games, music, and various other digital content. Reminder: Someone creates each piece of content and that person, group, or company has an agenda or message.
Do I understand all the points of view of this story?
What do I think about this topic or idea?
Am I overly emotional and eager to share this?
Am I being manipulated by this content?
What if I’m wrong?
Lastly, consume all media with thoughtful intention — avoid mindless scrolling and liking. A few other practical ways to fight back against the algorithms we drew from The Social Dilemma: Don’t click on video or content recommendations. Fight back against algorithms by choosing your content. Uninstall social media apps that are not useful and waste your time. Turn off notifications or any other alert that interferes with living life. If an issue has you angry or emotional, stop, breathe, and research the facts before sharing.
The post Helping Your Family Combat Digital Misinformation appeared first on McAfee Blogs.
Cybersecurity professionals know this drill well all too well. Making sense of lots of information and noise to access what really matters. XDR (Extended Detection & Response) continues to be a technical acronym thrown around in the cybersecurity industry with many notations and promises. Every vendor offering cybersecurity has an XDR song to sing. Interestingly, some either miss a beat or require tuning since it’s still quite an emerging market. This can be intriguing and nagging for cybersecurity professionals who are heads down defending against the persistent adversaries. The intent of this blog is to clarify XDR and remove the noise and hype into relevant and purposeful cybersecurity conversations with actions. And observe the need for a proactive approach.
Let’s begin with what does XDR refer to and its evolution. As noted earlier, XDR stands for Extended Detection and Response. “extended” is going beyond the endpoint to network and cloud infrastructure. You will find this cross-infrastructure or cross-domain capability is the common denominator for XDR. XDR is the next evolution of a solid Endpoint Detection and Response (EDR). Ironically it was a term introduced by a network security vendor with aspirations to enter the emerging Security Operations market.
Industry experts have weighed in on this XDR capability for cybersecurity and agree it’s still relatively early to market. Gartner’s definition, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” Gartner notes three primary requirements of an XDR system are; centralization of normalized data primarily focused on the XDR vendors’ ecosystem, correlation of security data and alerts into incidents and centralized incident response capability that can change the state of individual security products as part of incident response or security policy setting. If you want to hear more from Gartner on this topic, check out the report.
ESG defines XDR as an integrated suite of security products spanning hybrid IT architectures, designed to interoperate and coordinate on threat prevention, detection and response. In other words, XDR unifies control points, security telemetry, analytics, and operations into one enterprise system. The cross-vector analytics must be enhanced to track advanced multi-stage attacks. In addition, implementation guidance such as reference architecture is needed to assure successful integrated workflows.
Forrester views XDR as the next generation of Endpoint Detection and Response to evolve to by integrating endpoint, network and application telemetry. The integration options are native where the integration is with one vendor’s portfolio or hybrid where the vendor integrates with other security vendors. The key goals include empowering analysts with incident-driven analytics for root cause analysis, offer prescriptive remediation with the ability to orchestrate it and map uses cases MITRE ATT&CK techniques and chain them into complex queries that describe behaviors, instead of individual events.
The common XDR themes from these XDR discussions are multiple security functions integrated and curated data across the control vectors all working together to achieve better security operational efficiencies while responding to a threat. Cross control points make sense since the adversary movement is erratic. Emphasis is on removing complexity and offering better detection and understanding of the risk in the environment and quickly sorting through a possible response. The range of detect and response capabilities also suggest that it cannot be done by one exclusive vendor. Many advocates an integrated partnership approach to unify defenses and streamline efforts across domains and vectors. It’s a more realistic approach as well since most organizations do not fulfil their entire security function with one vendor. While buying an XDR “suite” from one vendor is easier where most of the security tools come from one vendor, some critical security functions from another vendor should be included to drive a more effective detect and response. This is not a new concept to connect the security disciplines to work together, as matter fact, McAfee Enterprise has been professing and delivering on Together is Power motto for some time.
One more consideration on this unified and integrated security XDR theme, many vendors may proclaim this but look under the hood carefully. They may have a unified view in a single console but has the data from all the separate vectors been automatically assessed, triaged and providing meaningful and actionable next steps?
Another common XDR theme is the promise to accelerate investigation efforts by offering automatic analysis of findings and incidents to get closer to a better assessment. This makes your reactive cycles potentially less frequent.
Integrating security across the enterprise and control points and accelerating investigations are critical functions. Does it address organizational nuances like is this threat a high priority because it is prevalent in my geo and industry and it’s impacting target assets with highly sensitive data. Prioritization should also be an XDR theme but not necessarily noted in these XDR discussions. Encourage you to read this blog on The Art of Ruthless Prioritization and Why It Matters to Sec Ops.
After distilling the many point of views and the themes on XDR, it seems the core functions all focus on improving security operations immensely during an attack. So, it’s a reactive function
| XDR Core & Baseline functions | Why? |
| Cross infrastructure—comprehensive vector coverage |
Gain comprehensive visibility & control across your entire organization and stop operating in silos
Remove disparate efforts between tools, data and functional areas |
| Distilled data and correlated alerts across the organization | Remove manual discover and make sense of it all |
| Unified management with a common experience | From a common view or starting point removes the jumping between consoles and data pools to assure more timely and accurate responses |
| Security functions automatically exchange and trigger actions | Some security functions need to be automated like detection or response |
| Advanced functions—not noted in many XDR discussions | Why? |
| Actionable intelligence on potentially relevant threats | Allow organizations to proactively harden their environment before the attack |
| Rich context that includes threat intelligence and organizational impact insight | Organizations can prioritize their threat remediation efforts on major impact to the organization |
| Security working together with minimal effort |
Simply tie a range of security functions together to create a united front and optimize security investments
|
The end game is better security operational efficiencies. This can be expressed in a handy outcome check list perhaps helpful when assessing XDR solutions.
| Visibility | Control |
| More accurate detection | More accurate prevention |
| Adapt to changing technologies & infrastructure | Adapt to changing technologies & infrastructure |
| Less blind spots | Less gaps |
| Faster time to detect (or Mean Time to Detect-MTTD) | Faster time to remediate (or Mean Time to Respond-MTTR) |
| Better views and searchability | Prioritized hardening across portfolio—not isolated efforts |
| Faster & more accurate investigations (less false positive) | Orchestrate the control across the entire IT infrastructure |
McAfee Enterprise goes beyond the common XDR capabilities in the recently announced MVISION XDR and offers unmatched proactivity and prioritization producing smarter and better security outcomes. This means your SOC spends less time on error-prone reactive fire drills with weeks of investigation. SOCs will respond and protect what counts a lot quicker. Imagine getting ahead of the adversary before they attack.
Is XDR a solution or product to be bought or an approach an organization’s must rally their security strategy to take? Honestly it can be both. Many vendors are announcing XDR products to buy or XDR capabilities. An XDR approach will shift processes and likely to merge and encourage tighter coordination between different functions like SOC analysts, hunters, incident responders and IT administrators.
It depends on the organizations’ current cybersecurity maturity and readiness to embrace the breadth and required processes to obtain the SOC efficiency benefits. With the promise to correlate data across the entire enterprise implies some of the mundane and manual efforts to make sense of data into a better and actionable understanding of a threat are removed. Now this is good for organizations on both spectrums. Less mature organizations who do not have resources or expertise and do not consume data intelligence to shift through will appreciate this correlation and investigation step, but can they continue the pursuit of what does this mean to me. Medium to high mature cybersecurity organizations with expertise will not need to do the manual work to make sense of data. The difference with mature organizations comes with the next steps to further investigate and to decide on the remediation steps. Less mature organizations will not have the expertise to accomplish this. So, the real make a difference moment is for the more mature organization who can move more quickly to a response mode on the potential threat or threat in progress.
If you are a medium to high mature cybersecurity organization, the question comes how and when. Most organizations using an Endpoint Detection and Response (EDR) solution are likely quite ready to embrace the XDR capabilities since their efforts are already investigating and resolving endpoint threats. It’s time to expand this effort gaining better understanding of the adversary’s movement across the entire infrastructure. If you are using MVISION EDR you are already using a solution with XDR capabilities since it digests SIEM data from McAfee Enterprise ESM or Splunk (which means it goes beyond the endpoint, a key XDR requirement.) Check out the latest award MVISION XDR received amongst the many recognitions.
Hope this blog removed the jargon and fog around XDR and offers actionable considerations for your organization to boost their SOC efforts. Start your XDR journey here.
The post Unravel the XDR Noise and Recognize a Proactive Approach appeared first on McAfee Blog.
(pictured credit: axel 795, Pixabay)
If you have teens and you haven’t yet heard of ‘Among Us’ then I guarantee it won’t be long. Among Us is an online deception and strategy game that is having a real moment worldwide. Over the last six months, it has amassed 85 million players on both PC and mobile. In September, it broke the all-time record-setting peak player ceiling on Steam when nearly 400,000 people played it simultaneously and, Google Trends reports that there were 50 times more Google searches for it at the beginning of October, as compared to the beginning of August.
Among Us is an online multi-player game that is set on a failing spaceship. Suitable for up to 10 players, it has been compared to ‘Murder in the Dark’ or ‘Murder Wink’ – the old-school party game you may have played as children.
At the start of the game, you’re advised whether you are a regular crew member or an imposter. Crew mates are tasked with completing small tasks that benefit the spaceship eg cleaning our air-conditioning ducts whereas imposters (between 1-3 players) create havoc on the spaceship and seek out victims to kill – without letting anyone know.
Every time a dead body is found, a crewmember will call a meeting to workshop who they think the imposter is. This is one of the few times players can talk to each other. As you can imagine, this can get very heated (and entertaining) as players try to implicate others and remove themselves from focus. All players then vote on who they think the imposter is – and the player with the most votes is ejected from the spaceship’s airlock.
Crewmates win by managing to repair the ship and eject all the imposters while the imposter wins by killing all the crewmates before they complete their jobs.
Among Us was actually launched in 2018 but to little fanfare. But the planets have aligned for the developers at InnerSloth and it has become one of the biggest online games ever. In fact, it’s so successful that the developers have abandoned plans for a sequel and are instead, investing their resources into perfecting the original.
There’s no doubt that pandemic life has contributed to the popularity of Among Us with many touting it as the ultimate group party game. In fact, some believe it brings all the energy and pizazz of board game night – just virtually.
It is extremely easy to learn. So, if you aren’t a gamer with years of experience (that’s me) you can absolutely play. This concept has been described by popular YouTube gamer Pegasus as ‘ingenious’ for its simplicity, and praised for its ‘extremely social’ nature.
The game is also very well priced. In fact, it’s free on mobile – but you will have to view some ads. And it’s only around $7 on a PC – so much cheaper than anything my kids have played in years!
The Classification Board here is Australia gives Among Us a PG rating which means the content is mild in impact. But they do state that PG rated content is ‘not recommended for viewing by people under the age of 15 without guidance from parents, teachers or guardians.’
In Australia, the game is rated as suitable for 9+ on the App Store. On Google Play it is nominated as suitable for ages 10+.
The role of the imposter in the game to hunt and murder players is aggressive and violent. Yes, it is a cartoon-like visual which does reduce the impact but there are still bodies left lying around after the deed is done.
Parents know their children the best. Absolutely take heed of the advice, but ultimately, you need to decide what’s suitable for them. If you do decide to let your younger children play – or they’ve already discovered it – please talk about violence in video games. Does watching violent images make them feel scared or more aggressive? Do they feel better if they talk about it or, in fact, choose to watch something less violent?
There is opportunity to chat with strangers in the game but it is less than most online games. Players can chat in the online waiting room before a game starts and of course, there is also interaction in the meetings during which the group tries to work out who the imposter is. Enabling the censor chat mode is a good option here – this limits word and aims to block out expletives however I understand that isn’t completely fool proof.
But you can choose to play the game offline, locally, which means you play only with people you know. You simply share a generated code with the players you want to join the game. I highly recommend this for younger children and teens or if you want to play the game as a family. The game can be played with as few as four players which makes an offline game far easier to get happening.
Both trust and deceit are at the core of this game. Learning who to place your trust in is part of being a successful crewmember in Among Us whilst being a master of deceit will win you the game as an imposter.
You could argue that these themes are no different to playing Murder in the Dark or even the old classic Cluedo. However, I would absolutely have a conversation with your kids about the difference between real life and online (or gaming) life. Why not weave it into your dinnertime conversation?
My boys are really enjoying playing Among Us, in fact – we have earmarked this weekend for a family game. But please ensure you are comfortable with the game before you give your kids the green light. And if you do, be assured that one of the reasons this game is so popular is because players feel like they are part of a community – and isn’t that what we all need at the moment?
‘till next time.
Alex xx
The post What You Need to Know About Among Us appeared first on McAfee Blogs.
Malicious actors are increasingly taking advantage of the burgeoning at-home workforce and expanding use of cloud services to deliver malware and gain access to sensitive data. According to an Analysis Report (AR20-268A) from the Cybersecurity and Infrastructure Security Agency (CISA), this new normal work environment has put federal agencies at risk of falling victim to cyber-attacks that exploit their use of Microsoft Office 365 (O365) and misuse their VPN remote access services.
McAfee’s global network of over a billion threat sensors affords its threat researchers the unique advantage of being able to thoroughly analyze dozens of cyber-attacks of this kind. Based on this analysis, McAfee supports CISA’s recommendations to help prevent adversaries from successfully establishing persistence in agencies’ networks, executing malware, and exfiltrating data. However, McAfee also asserts that the nature of this environment demands that additional countermeasures be implemented to quickly detect, block and respond to exploits originating from authorized cloud services.
Read on to learn from McAfee’s analysis of these attacks and understand how federal agencies can use cloud access security broker (CASB) and endpoint threat detection and response (EDR) solutions to detect and mitigate such attacks before they have a chance to inflict serious damage upon their organizations.
McAfee’s analysis supports CISA’s findings that adversaries frequently attempt to gain access to organizations’ networks by obtaining valid access credentials for multiple users’ O365 accounts and domain administrator accounts, often via vulnerabilities in unpatched VPN servers. The threat actor will then use the credentials to log into a user’s O365 account from an anomalous IP address, browse pages on SharePoint sites, and then attempt to download content. Next, the cyberthreat actor would connect multiple times from a different IP address to the agency’s Virtual Private Network (VPN) server, and eventually connect successfully.
Once inside the network, the attacker could:
McAfee’s comprehensive analysis of these attacks supports CISA’s proposed best practices to prevent or mitigate such cyber-attacks. These recommendations include:
While these recommendations provide a solid foundation for a strong cybersecurity program, these controls by themselves may not go far enough to prevent more sophisticated adversaries from exploiting and weaponizing cloud services to gain a foothold within an enterprise.
Organizations will gain a running start to identifying and thwarting the attacks in question by implementing a full-featured CASB such as McAfee MVISION Cloud, and an advanced EDR solution, such as McAfee MVISION Endpoint Threat Detection and Response.
Deploying MVISION Cloud for Office 365 enables agencies’ SOC analysts to assert greater control over their data and user activity in Office 365—control that can hasten identification of compromised accounts and resolution of threats. MVISION Cloud takes note of all user and administrative activity occurring within cloud services and compares it to a threshold based either on the user’s specific behavior or the norm for the entire organization. If an activity exceeds the threshold, it generates an anomaly notification. For instance, using geo-location analytics to visualize global access patterns, MVISION Cloud can immediately alert agency analysts to anomalies such as instances of Office 365 access originating from IP addresses located in atypical geographic areas.
When specific anomalies appear concurrently—e.g., a Brute Force anomaly and an unusual Data Access event—MVISION Cloud automatically generates a Threat. In the attacks McAfee analyzed, Threats would have been generated early on since the CASB’s user behavior analytics would have identified the cyber actor’s various activities as suspicious. Using MVISION Cloud’s activity monitoring dashboard and built-in audit trail of all user and administrator activities, SOC analysts can detect and analyze anomalous behaviors across multiple dimensions to more rapidly understand what exactly is occurring when and to what systems—and whether an incident concerns a compromised account, insider threat, privileged user threat, and/or malware—to shrink the gap to remediation.
In addition, with MVISION Cloud, an agency security analyst can clearly see how each cloud security incident maps to MITRE ATT&CK tactics and techniques, which not only accelerates the entire forensics process but also allows security managers to defend against similar attacks with greater precision in the future.
Furthermore, using MVISION Cloud for Office 365, agencies can create and enforce policies that prevent the uploading of sensitive data to Office 365 or downloading of sensitive data to unmanaged devices. With such policies in place, an attacker’s attempt to exfiltrate sensitive data will be mitigated.
In addition to deploying a CASB, implementing an EDR solution like McAfee MVISION EDR to monitor endpoints centrally and continuously—including remote devices—helps organizations defend themselves from such attacks. With MVISION EDR, agency SOC analysts have at their fingertips advanced analytics and visualizations that broaden detection of unusual behavior and anomalies on the endpoint. They are also able to grasp the implications of alerts more quickly since the information is presented in a format that reduces noise and simplifies investigation—so much so that even novice analysts can analyze at a higher level. AI-guided investigations within the solution can also provide further insights into attacks.
With a threat landscape that is constantly evolving and attack surfaces that continue to expand with increased use of the cloud, it is now more important than ever to embrace CASB and EDR solutions. They have become critical tools to actively defend today’s government agencies and other large enterprises.
Learn more about the cloud-native, unified McAfee MVISION product family. Get your questions answered by tweeting @McAfee
The post How CASB and EDR Protect Federal Agencies in the Age of Work from Home appeared first on McAfee Blogs.
Paying Tribute
November 11 marks Veterans Day and Remembrance Day. It is a time for us to come together and honor the brave men and women who have risked their lives to protect our nations.
We pay tribute to those who have served in the U.S. military during Veterans Day. In the Commonwealth countries, we honor military members through Remembrance Day, a day to remember those who have passed on in the line of duty.
At McAfee, we’re proud to work with our veterans! They’ve served and protected our countries and today, they protect all that matters at McAfee.
To honor their sacrifice, we asked McAfee veterans to share throwback photos from their days of service or photos with loved ones in service. Check them out!
Thoughts from our veteran community
This Veterans Day, members from our McAfee Veterans Community share what this day means to them:
“This day reminds me of the people I worked with and the difference we made. It’s the people who volunteer to serve in the military, sacrificing years of their lives, and in some cases, their very lives, who guard and protect the freedoms guaranteed by the Constitution. All military personnel take an oath that, in part, says, ‘I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same.’ This oath doesn’t expire when a service member leaves military service.“
– Andrew, Senior Service Reliability Engineer, Cloud
“This day is the day we honor the silver haired guy in a Prius with a Silver Star license plate or the quiet thirty something mom in the store with her noisy kids wearing the Marine-Corps T-shirt with two tours in Afghanistan under her belt.. Not everyone was a Delta operative or a Navy SEAL. They all however – to a man and woman – had their place in the system that kept us safe. Find them; thank them for their service and your freedom.”
– Kevin, Customer Success Manager, CSG
“I will never stop being Ex Armed Forces. I think fondly of my time in the Royal Navy. I would do it all again in a heartbeat. I still get a lump in my throat when I hear “Heart of Oak” or the “The Last Post” being played. The friends I made and the people I met during my service from all countries and all parts of the Armed Forces, friend or foe, all have a similar vein running through them. Remembrance Day reminds me that while some of us are not here anymore, that vein is still with us and them.“
– Paul, Associate Technical Support Engineer, Customer Success Group
“My family has a history of service and I grew up knowing I would join the Military. I joined the Royal Navy in 1982 at age 18. I’m proud to have served and I will continue to observe the 1 minute silence and attend the remembrance service and take the time to remember the sacrifice. Lest we not forget. For those brave who gave their lives so we could live ours.”
– Tudor, Sr. Project Manager – New Product Information, Global Product Operations
We continue to make strides in actively recruiting veterans and nurturing career growth by empowering the transferable skills from active duty. Join us!
|
Search Career Opportunities with McAfee
Interested in joining our team? We’re hiring! Apply now. Stay Connected For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post Honoring Our Brave Military Veterans from the McAfee Community appeared first on McAfee Blogs.
Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically used in heterogenous environments of Windows and Unix/Linux for file sharing. The vulnerability can be reproduced to cause an immediate BSOD (Blue Screen of Death) within the nfssvr.sys driver. Interestingly, the November patches from Microsoft also include a remote kernel data read vulnerability in the same nfssvr.sys driver (CVE-2020-17056), which leads to a potential ASLR (address space layout randomization) bypass. The combination of these two vulnerabilities dramatically increases the likelihood of a remote exploit when used on Windows Server to bypass exploit mitigations. CVE-2020-17051 is the first known vulnerability which has been disclosed within the Windows implementation of the NFSv3 protocol to the best of our knowledge.
The vulnerability is believed to impact all versions of Windows Server when:
A Shodan query reported 38,893 servers with port 2049 exposed to the internet; however, it is unknown what percentage of these servers are actually NFS shares and actually configured with anonymous write access. The network share discovery technique is typically used by an adversary within the discovery phase of the MITRE ATT&CK framework with the objective to gain further privileges. CVE-2020-17051 would give adversaries the ability to spread worm–like within heterogenous Windows and Unix/Linux environments using anonymous write access file shares over NFSv3.
Patching is always the first and most effective course of action. If it’s not possible to patch, the best mitigation is to limit Windows NFSv3 server share write access internally and block any external access to vulnerable servers. For those McAfee customers who are unable to deploy the Windows patch, the following Network Security Platform (NSP) signatures will provide a virtual patch against attempted exploitation of this vulnerability.
NSP Attack ID: 0x40c01200 – NFS Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)
The post CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server appeared first on McAfee Blogs.
For more than 20 years, the cybersecurity industry has been focused on enterprises, not on a larger national integrated security environment – and certainly not on comprehensive home security. Smart devices that make home life more convenient have been growing in acceptance and adoption, but by and large, the industry continues to concentrate on enterprise security. Even from a standards perspective, the National Institute of Standards and Technology (NIST) has focused on enterprises and the federal government, not the home.
The NIST Cybersecurity Framework, for example, a highly regarded security framework, is intended for enterprises, not homes. Yet today, the devices and connectivity in many homes outnumber those in small businesses of 20 years ago. Homes are following along the same path as small businesses, and like them, need more focused attention and protection.
COVID-19 forced organizational change in the blink of an eye, forcing an overnight transition from mostly centralized work environments to a highly distributed work-from-home infrastructure. This rapid shift to working from unsecured and unmanaged environments (IT, IoT, mobile, cloud, etc.), has greatly complicated organizational cybersecurity exposure challenges while creating a massive expansion of the digital attack surface. With many employees having to use personal devices for business purposes, enterprises now need to consider adopting policies that provide them greater management and control over these personal devices. The security challenge once focused on BYOD (bring your own device) has now morphed into BYEH — “Bring Your Enterprise Home.” We need new security standards and practices to address this shift.
While my company and others had the policies, management processes, controls, equipment and software in place to protect this new corporate ecosystem, they did so with the understanding the home is a very inhospitable security environment at present.
In my own home, for instance, there are many different systems of devices (wireless lighting, smart locks, multiple smart TVs, multiple streaming devices, smart plugs, wireless security system, digital assistants, wireless speakers, cameras, thermostats, and other home management connected devices. And this is before we add in the computers, laptops, iPads and smart phones for all its residents. An ever-growing number of IoT devices are helping people to transform their houses into smart homes, but homeowners often don’t know how to secure these devices. Additionally, many of the products don’t communicate or integrate with each other, exacerbating the discovery of security weaknesses.
Today, a bad actor can break into a home and steal things of value – bank account, credentials, sanity (by turning smart lights on and off at 3 am and blasting music from connected speakers) – without even physically walking through the door. This is a major problem for individuals, but it’s an even greater problem for enterprises and governments turning to remote work to continue operations during the COVID-19 pandemic.
Take all of the devices in each home, smart or otherwise, multiplied by all of the federal government employees alone, and you’ll have a vision for how large a threat vector we’ve just created by asking employees to work from home. Then add in government contractors, who may or may not have access to the same level of security as permanent employees. Then realize this is not just a government problem but a whole-of-nation problem, where businesses and other organizations need to assure their staffs’ remote access to their corporate properties are protected and secure.
Cybersecurity is not the only area we need to address. For example, ISPs often give priority to supporting enterprise customers when there are outages. Timelines from reporting-to-fix for enterprises is measured in hours, while timelines for correcting consumer outages is quite often measured in days. Now, however, the lines between what is a remote critical connection and what is not are highly blurred. How does an organization indicate to an ISP that a specific connection needs a critical designation and a priority response? How do we extend the concept of “home-points” being a component in an individual enterprise’s infrastructure?
Relatedly, broadband access and network connection speeds are now more important than ever. It may be time for the Federal Communications Commission to rethink its designation of broadband, as 25/3 Mbps is not really suitable for a family with multiple children engaged in remote learning while Mom and Dad work from home.
The waves of change that COVID-19 has set in motion have turned homes into workspaces, making every connected device in a home a risk to each person’s employer. Now the home isn’t just a smart home; it’s a remote office, as well as a schoolroom, a doctor’s office and the front door to malls and grocery stores.
As we work to adapt our economy and country in the wake of the pandemic, it’s critical that we also rethink the security of our homes to ensure there are standards for protection in place. Our homes are now part of an enterprise environment. It’s time that we as a nation considered the home as such and adopted policies and security practices to meet the new BYEH reality.
The post Home-Point Cybersecurity: Bring Your Enterprise Home appeared first on McAfee Blogs.
Corporate boards have many dimensions of responsibility. Cybersecurity can be one of the most nuanced and important areas of focus for a board, but not all board members are well versed in why and what they need to care about related to cybersecurity.
Cybersecurity is a board level topic for three main reasons:
Security breaches can hurt companies financially, negatively impact brand reputation, and result in data loss (both personal and company intellectual property) just to name a few of the impacts. Unfortunately breaches that impact hundreds of millions or even billions of people are more common that we would like. Some of the more notable cybersecurity breaches you may remember are Equifax back in 2017, Adobe in 2013, and Zynga (the company that makes Words with Friends) in 2019. In July 2020, we saw key high-profile Twitter accounts compromised. You don’t want to see your company name in the news headlines due to a breach!
Besides security breaches, governance in cybersecurity is becoming more important. Governance describes the policies and processes which determine how organizations detect, prevent, and respond to cyber incidents. In many organizations, there is a division between the governance and management activities. Board members should be involved in evaluating security related reporting requirements and overall competence of the cybersecurity program, policies and procedures. If you are a US public company, there are additional board requirements from the Securities and Exchange Commission that you should be familiar with such as requiring written disclosure of how the board administers its risk oversight function.
Government regulations and compliance also needs to be considered. However, just being compliant doesn’t mean you are secure. Cyber legislation has been frequently proposed by Congress over the years. Almost all US states have their own laws about what constitutes a security breach and when to disclose the breach. It is important to understand the local, state and federal laws (including international laws) related to cybersecurity for where you do business.
Everyone on the board is responsible and could potentially be held accountable for a breach both legally and financially. It is not only the CISO, CSO or CIO’s responsibility to care and do the right thing. We all have a role to play to ensure the company is protected and set up for success.
When one person doesn’t do their part, things can fall apart for a company. For instance, in August 2020, a former Uber company executive was criminally prosecuted for not disclosing a data breach back in 2016. Uber’s former Chief Security Officer was charged with obstruction of justice and concealing a felony for allegedly failing to report their 2016 breach to the Federal Trade Commission. This is the first direct example in the US of an executive facing criminal charges and jail time over how they responded to a data breach.
As you discuss cybersecurity on the board, how do you evaluate your company’s stance? Here are some tips you can start doing today. This list is by no way complete, but here are things you can start doing today.
Cybersecurity is a very important topic for the boardroom and should not be taken lightly; however, it doesn’t need to be overwhelming. Utilize these tips to get you on the right path for your company, and if you don’t have a cybersecurity expert on your board, there are experts who can provide guidance.
The post Are You Prepared for Cybersecurity in the Boardroom? appeared first on McAfee Blogs.
Where would we be without our internet this year?
We’ve shopped, worked, studied and taught, job hunted, and cared for each other online this year in ways we haven’t before—not to mention entertained ourselves plenty too. As so many of us have faced challenges and outright adversity this year, it’s difficult to imagine what this year would have been like without the support of a reliable broadband internet connection. So much so, you can argue that it’s become a necessity.
For that, I’m thankful—and recognize that we have a long way to go before all of us can share in those same thanks. As I’ve mentioned in earlier blogs, fixed broadband internet access at home remains elusive for many. In the U.S. alone, one analysis shows that more than 150 million people do not use the internet at broadband speeds, which is practically half of the U.S. population.
A good question to ask here is what exactly constitutes “broadband?” The Federal Communications Commission (FCC) defines broadband speeds as 25 Megabits per second (Mbps) of download speed and 3 Mbps of upload speed. (Note that the FCC estimates only 21 million people in the U.S. are without broadband, a number widely considered to be low.)
Put in everyday terms, 25 Megabits per second of download speed is baseline figure that should provide a family of two to four people with enough capacity to engage in bandwidth-hungry activities like working from home, schooling online, or even receiving medical care through telemedicine, along with streaming to stay entertained and informed too.
As we look at that figure of 150 million underserved people, we see people who live in remote areas that simply aren’t wired for broadband yet, representing millions of rural residents and people living on tribal lands. Additionally, it also includes people in urban areas who potentially have access to a broadband connection, yet their income levels impact their ability to subscribe to it.
Obviously, a major hurdle in rolling out broadband nationwide is the 1.9 billion acres that makes up our country. The physical, technological, and financial efforts associated with building fixed broadband access across rural and remote terrain are substantial to say the least. Additionally, there are regulatory matters as well, like the rules that govern access to existing utility poles and conduits needed for broadband deployment.
Ultimately, we’re talking about connecting not just homes, but entire communities—people, businesses, libraries, granges, local government, and more. Getting them access to broadband isn’t just a commercial interest, it’s a matter of infrastructure as well. Just as water and electricity are utilities, we can argue that the internet, broadband internet, has long since evolved into a utility. The reasons are clear: education, economic growth, employment and even access to healthcare all stand to improve when broadband is available to a community, as has been seen in communities such as Chattanooga, Tennessee and in Delta County, Colorado. Thus it makes sense that connecting them has become a joint endeavor by the public and private sector.
Meanwhile, last summer, the lack of adequate broadband across Nebraska during the pandemic prompted the state’s governor and legislature to allocate pandemic relief funds and pass bills that would speed the deployment of broadband across the state. As reported by the Omaha World-Herald, one of Nebraska’s rural power district managers said of fixed broadband service, “It goes beyond economic development, it goes beyond watching Netflix, there’s some real business implications here.”
However, even in communities where broadband is physically available, pockets of low-speed connectivity exist as well. According to the Pew Research Center, only 53 percent of adults with an income under $30,000 had broadband access at home. For those with an income of between $30,000 and $100,000, that figure takes a major leap up to 81%. Instead, lower-income Americans turn to their smartphones for all their internet access. From the findings:
“As of early 2019, 26% of adults living in households earning less than $30,000 a year are “smartphone-dependent” internet users–meaning they own a smartphone but do not have broadband internet at home. In contrast, only 5% of those living in households earning $100,000 or more fall into this category in 2019.”
What does a smartphone-only internet life might look like? Pew Research Center put that into perspective in a survey where respondents were asked about job hunting on the internet. Some 32% of people with a reported household income of under $30,000 said that they submitted a job application by phone. For those households making more than $75,000, that figure was just 7%. (Cost is certainly a factor, yet it is encouraging to see that the reported average cost of broadband in the U.S. is dropping—down to $50 a month from just over $67 a month a year ago.)
That’s just one example of a smartphone-only internet, yet you can imagine how difficult it must be to create a resume, complete schoolwork, or work remotely when your internet experience is limited to the small screen of a phone. Contrast that with this year’s need to work and study at home. A low-income household that’s dependent on smartphones misses out. Their internet is a less useful and less productive internet experience. They simply can’t work, learn, and train at home like fully connected households can.
My hope in sharing this issue with you is so that we can all gain a bit of perspective. Far fewer people have access to a broadband internet experience than we might initially think, which results in a lack of connectivity that stunts the benefits and opportunities they and their communities can realize.
Granted, the solution for increasing broadband access largely rests with state-level broadband offices, budgeting and legislation at the federal government level, along with public partnerships and interest groups who are all pushing for improved broadband access. (And, in the states which allow it, municipal broadband solutions.) However, as individuals, we can let this reality shape some of our decision-making on a local level.
When library funding measures come up for approval in your community, consider giving them your “yes” vote, as they may present an opportunity to fund library locations and services where people can access free broadband. Likewise, give school levies your consideration, they may help get a computer in the hands of a student who doesn’t have one. (An 11% increase in PC, Mac, and Chromebook sales this year was largely driven by the education market, which needed to supply computers for in-home learning.) These are just a couple of ways that we can “think global, act local” and help others get access to a full broadband internet experience.
So as Thanksgiving approaches, let’s indeed say thanks for the connectivity and internet experience so many of us enjoy—and how vital that was this year. Likewise, let’s remember that our country and the communities within it still have a way to go before the overwhelming majority of us can benefit from that same experience—so that they can enjoy and be thankful for it too.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Thankful for broadband internet, and hopeful for much more appeared first on McAfee Blogs.
Change happens – sometimes much faster than expected – like it has in 2020. When the threat landscape shifts suddenly, security professionals must quickly react and change their security posture. This not only means reconfiguring existing security investments but also adding new ones.
But given the number of heterogenous security applications sold by multiple vendors, new security expansions are tough to manage. They not only have to co-exist with the existing security infrastructure, but they must be integrated to avoid leaving security gaps attackers can exploit. User and business experience must be maintained as well. Is it any wonder, then, that CISOs continue to struggle? It’s hard to optimize and manage existing cybersecurity software investments — and expand security capabilities – all the while keeping up with shifting business needs.
It is time you demand more from your security vendors. It’s perfectly reasonable to expect them to do the following:
Here’s where “Composable Security,” a breakthrough architectural extension from McAfee addresses this chronic IT turbulence. In practice, the concept allows MVISION ePO (ePolicy Orchestrator) administrators to add multi-vendor security modules quickly and easily assemble best-in-class solutions that meet your particular needs. Users can compose, and then re-compose, powerful, cloud-based or on-prem security solutions certified to seamlessly plug-and-play. With a few clicks, you can add new capabilities to your existing security infrastructure in minutes.
MVISION ePO now offers Composable Security capabilities. Let’s take a closer look:
The era of monolithic and often disconnected, security solutions has passed. We believe customers want a connected security architecture that can rapidly adopt and implement new tools, sensors and data from a myriad of disparate but innovative solutions. When change occurs seemingly overnight, like we saw with the explosion in the number of people working from home due to Covid-19, executives don’t have the luxury of waiting until the next budget cycle to take action. But with MVISION Marketplace, we are enabling companies to easily scale their security infrastructure.
This new application marketplace enables McAfee and our partners to deliver pre-integrated, best-in-class solutions to customers. The marketplace offers products that expand and extend McAfee solutions. Organized in easy to understand categories, the marketplace features a tile per partner. Each integration is “McAfee Certified” which means that McAfee has certified the integration with that partner.
Clicking on the tile enables you to drill down and understand the value delivered by each integration. When you see something you like, click through and try it out. Here’s where pre-integration makes the combined value proposition easy to understand. The idea is for customers to experience the value quickly before they make a decision.
By utilizing our partners in the MVISION Marketplace, you can not only evolve your security architecture; you also improve your team’s responsiveness to real-time threats—and become less preoccupied with tool integration.
We worked closely with multiple partners to build out this marketplace. These composable solutions are from leaders in their field including Attivo Networks, IBM Security, Seclore, Service Now, Siemplify, and ThreatQ. Their certified solutions extend the capabilities of existing security environments, whether cloud-based or on premise. This new ability to mix and match applications over and over also addresses many pressing business challenges. It helps organizations address technology, time, compliance, and resource constraints in minutes — rather than in hours, days or weeks.
Attivo working with McAfee delivers the best endpoint solution in the industry. Attivo’s blog covers how McAfee + Attivo are better together for customers.
Seclore working with McAfee delivers the best Information security solution in the industry. Read their blog to learn how McAfee + Seclore are better together for customers.
ThreatQuotient, Swimlane, and Siemplify, working with McAfee, deliver one of the best SOC solutions in the industry. Learn more about how ThreatQuotient, Swimlane, and Siemplify are better together with McAfee for our customers.
Our market leading Security Innovation Alliance Program has created the largest integrated security ecosystem in the industry. We’re not done. You can expect us to add new partners quickly. In the meantime, if you find a partner missing that you want us to add to our list, please reach out to me.
We live in an era where more security is automated rather than managed through consoles. MVISION API’s goal is to be the single interface for your non-console interactions with the McAfee portfolio. It’s a powerful capability that delivers a single, web scale, global interface with unparalleled access to your McAfee portfolio. The goal is threefold:
The API, at launch, is tuned towards an Open EDR solution enabling customers to expand and extend MVISION EDR. Top use cases are driven by the need of SOC analysts to build playbooks, manage cases, search for IOCs, synchronize Incidents and build intelligent extensions to the vast amount of control visibility we provide.
We have very ambitious plans. So, watch this space as we make rapid progress.
Opening up the MVISION Developer Portal to all Innovators using the MVISION APIs, application developers and ISVs can build public or private applications. This portal for application developers enables them to build, test, and certify their applications prior to making them available on MVISION Marketplace or for customers to develop and deploy their private apps.
I expect startups will leverage MVISION APIs to build their innovation on top of McAfee products. In fact, we encourage them to do so and deliver their innovations next to McAfee products and deliver them to our customers through the marketplace.
Of course, organizations can also choose to create a variety of custom apps using MVISION APIs from the MVISION Developer Portal. The only limit is your own creativity. You can build new Intelligent apps, automate your current processes, integrate your SIEM, build an OT extension, or just sit back and enjoy a comprehensive dashboard that tracks your security posture.
These capabilities work together to deliver a Composable Security Platform enabling McAfee and its ecosystem to deliver pre-integrated, high-value solutions to customers. This is a big breakthrough that will make your job easier. All it now takes is a few minutes to make a few clicks to add valuable new capability.
Try it out and see for yourself at http://marketplace.mcafee.com/ and https://developer.mcafee.com/. I hope you will find this set of capabilities valuable and welcome your ideas on how to make them even better. And don’t be shy. Drop me a line @ javed_hasan@mcafee.com to tell me what improvements you want to see.
The post Bridge the Gap Between the Security You Have and the Security You Need appeared first on McAfee Blogs.
Core to any organization is managing cyber risk with a security operations function whether it be in-house or outsourced. McAfee has been and continues their commitment to protecting cyber assets. We are dedicated to empowering security operations and with this dedication comes expertise and passion. Introducing SOCwise a monthly series of blogs, podcasts and talks driven by two highly experienced and devoted security operations professionals. This is an ongoing resource of helpful advice on SOC issues, distinct SOC functional lessons, best practices learned from a range of projects and customers and perspectives on the future of security operations. In addition, we will invite guests to contribute to this series.
From the perspective of a ‘legacy SIEM’ guy I can tell you that there’s nothing more important to a security analyst than intelligence. Notice I didn’t say ‘data’ or ‘information’ – I didn’t even say ‘threat intelligence’. I’m talking about ‘Situational Awareness’. I’m specifically talking about business, user and data context that adds critical understanding and guidance in support of making more timely, accurate or informed decisions related to a given security event. A typical SOC analyst might deal with dozens of incidents each shift – some requiring no more than a few minutes and even fewer clicks to quickly and accurately determine the risk and impact of potential malicious activities. Some incidents require much more effort to triage in hopes to understand intent, impact and attribution.
More often we find the role of SOC analyst to be one of data wrangler – asking and answering key questions of the ‘data’ to determine if an attack is evident and if so, what is the scope and impact of the adversarial engagement. Today’s modern SOC is evolving from one of centralized data collection, information dissemination and coordination of intelligence – one where each stakeholder in security was a part of the pre-determined set of expectations throughout the evaluation and implementation process – to a fully distributed cast of owners/creators (application development, operations, analysts, transformation architects, management) where the lines of authority, expectation and accountability have blurred sometimes beyond recognition.
How can a modern SOC maintain the highest levels of advanced threat detection, incident response and compliance efficacy when they may no longer have all (or sometimes even some) of the necessary context with which to turn data into intelligence? Will Security Operations Centers of the future resemble anything like the ones we built in previous years. From the massive work-from-home migration brought on by an unexpected pandemic to cloud transformation initiatives that are revolutionizing our modern enterprise, the entire premise of a SOC as we know it are being slowly eroded. These are just some of the questions we will try to answer in this blog series.
I have worked for 20 years in this industry that we once used to call, information security. During this time, I have had the opportunity to be both on the offense and the defense side of the cyber security coin, as a practitioner and as a consultant, as an architect and as an engineer, as a student as well as a SANS author & instructor. I want to believe that I have learned a few things along the way. For example, as a penetration tester and a red teamer, I have learned that there is always a way in, that prevention is ideal, and that detection is a must. As a security architect I have learned that a defensible architecture is all about the right balance between prevention, monitoring, detection and response. As an incident responder I learned that containing an adversary is all about timing, planning and strategy. As a security analyst I have learned the power of automation and of human-machine teaming, to do more analysis and less data gathering. As a threat hunter I have learned to be laser focused on adversarial behaviors, and not on vulnerabilities. And as a governance, risk and compliance consultant, that security is all about tradeoffs, about cost and benefit, about being flexible, adaptable and realizing that for most of our customers, security is not their core business, but something they do to stay in business. To summarize 20 years in a few phrases is challenging, but no one has summarized it better than Bruce Schneier in my opinion, who wrote, precisely 20 years ago: “security is a process, not a product”.
And I am sure that you will agree with me that processes have changed a lot over the last 20 years. This transformation that had already started with the adoption of Cloud and DevOps technologies it is now creating an interesting and unforeseen circumstance. Just when security operations barely found its footing, and right when it was finally coming out from under the realm of IT, garnering respect and budget to achieve desired outcomes, just when we felt that we made it, we are told to pack our things, leave the physical boundaries of the SOC and have everyone work remote.
If this didn’t introduce enough uncertainty, I read that Gartner predicts that 85% of data centers will be gone by 2025. So, I can’t help but wonder: is this the end of it? Is the SOC dead as we know it? What is the future of SecOps in this new paradigm? How will roles change? Will developers own security in a ‘you code it, you own it’ fashion? Is it realistic to expect a fully automated SOC anytime soon?
Please join us in this new SOCwise series as Michael and I explore answers to these and more questions on the future and the democratization of SOC and SecOps.
The post SOCwise: A Security Operation Center (SOC) Resource to Bookmark appeared first on McAfee Blogs.
Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tom’s Guide, call participants can guess a user’s passwords through the arm and shoulder movements they make while they type.
Let’s unpack how this threat works so you can continue to connect via video calls worry-free.
Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the target’s body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the user’s arm and shoulder movements relative to their face. From there, the program analyzes the user’s actions to guess which keys they are hitting on the keyboard – including passwords and other sensitive information.
So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the program’s accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what they’re typing.
Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. It’s also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.
Therefore, to prevent your meeting attendees from snooping on what you’re typing, follow these tips for greater peace-of-mind:
Avoid giving keyboard snoopers the upper hand by making your password or passphrase as unique as the information it’s protecting. If a hacker does manage to guess your password for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
And just like that, the holiday shopping season is among us! Like consumers everywhere, you may be trying to plan ahead when it comes to picking out gifts for your friends and family, scouring far and wide to cross items off your list. This year, however, will likely be different than past holiday shopping seasons.
While more than 124 million consumers shopped in-store during the 2019 holiday shopping weekend, findings from McAfee’s 2020 Holiday Season: State of Today’s Digital e-Shopper survey revealed that consumers plan to do more shopping online – and earlier – this holiday season. But how will this increase in online activity impact users’ digital lives?
Let’s explore what this online shopping trend means for consumer security this holiday shopping season.
The onset of the global health emergency caused users everywhere to live, work, play, and buy through their devices – maybe more than ever before. McAfee’s survey shows that general shopping activity has increased, with 49% of respondents stating they are buying online more since the onset of COVID-19. As one could predict, researchers expect these online shopping habits to bleed into the holiday shopping season. In fact, 36% of Americans note that they plan on using digital links to give gifts and spread cheer this year. However, this increase in online activity doesn’t exactly mean an increase in online safety.
Hackers love to take advantage of online trends, so it’s no surprise that they see an increase in online activity as more opportunities to spread threats. In fact, McAfee Labs observed an almost 12% increase in online threats per minute in Q2 2020 compared to the previous quarter.
Increased online activity serves as the perfect opportunity for hackers to interrupt consumers’ merriment and spread malicious misdeeds. And 36% of consumers noted that their online buying habits will increase this holiday season, even though they are aware of cyber risks. This lack of concern is troublesome, especially as hackers get stealthier in how they scam consumers. Take Black Friday and Cyber Monday discounts, for example. Forty-three percent of survey respondents admitted to not checking the authenticity of these so-called deals when going through their emails and text messages. By not taking proper security precautions, users potentially open themselves up to a blizzard of cyberthreats.
While these survey results confirm that cyber-grinches are using their tricks to interrupt the merriment, that doesn’t mean consumers can’t still have a holly, jolly shopping experience. By taking the necessary steps to protect themselves – and their loved ones – this holiday season, consumers can continue to live their digital lives with confidence. To help ensure hackers don’t put a damper on your festive celebrations, follow these security tips:
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a Black Friday or Cyber Monday offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Hackers often use consumers’ personally identifiable information to make fraudulent purchases – a trick that would certainly interrupt a holiday shopping spree. A solution like McAfee Identity Theft Protection takes a proactive approach to help protect identities with personal and financial monitoring and recovery tools to help keep identities personal and secure.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post ‘Sleigh’ Holiday Shopping by Protecting Your Online Security appeared first on McAfee Blogs.
You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready.
So while you already know how to spot a great deal, here are ways you and your family can steer clear of online scams so you can keep your finances safer this shopping season:
A common scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offer emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll clearly call those things out in the body of an email instead.
A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.
A related scammer trick that also uses typosquatting tactics is to set up sites that look like they could be run by a trusted retailer or brand but are not. These sits may tout a special offer, a great deal on a hot holiday item or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Be skeptical of any links you see there—it’s best to go to the site directly and look for the deal there.
Using a complete security software suite can offer layers of extra protection while you shop, such as web browser protection that will block malicious and suspicious links that could lead you down the road to malware or a financial scam.
Using the same narrow set of passwords only helps hackers. If they hack one account, they can then hack others—simply because that same password is in use over and over. Use a password manager that can create strong passwords and store them securely as well. That’ll save you some hassle and keep you safer in the process.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, put it into place.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi and harvesting information like your passwords and credit card numbers.
Specific to the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using those while shopping online and use your credit card instead.
Another alternative is to set up a virtual credit card, which is a proxy for your actual credit card. With each purchase you make, that proxy changes, which then makes it much more difficult for hackers to exploit. You’ll want to research virtual credit cards further, as there are some possible cons that go along with the pros, such as in the case of returns where a retailer will want to use the same proxy to reimburse a purchase.
With all the passwords and accounts we keep, this is important. Checking your credit will uncover any inconsistencies or outright instances of fraud. From there, you can then take steps to straighten out any errors or bad charges that you find. In the U.S., you can run a free credit report once a year with the major credit reporting agencies. Just drop by the Federal Trade Commission (FTC) website for details on your free credit report.
One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give into the pressure of finding that hard-to-get gift that’s so hot this year. Crooks do too, and they’ll tailor their attacks around those.
So, while you’re shopping online this year, take a deep breath before you dive in. Double-check those deals that may look almost too good to be true. They may be a scam waiting to spring—and indeed be too good to be true after all.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cyber Monday is Coming – 10 Tips to Protect You From Online Shopping Scams appeared first on McAfee Blogs.
I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – even car parts! And my story is not unique. Living with a pandemic has certainly meant we’ve had to adapt – but when it came to ramping up my online shopping so we could stay home and stay safe – I was super happy to adapt!
And research from McAfee shows that I am not alone. In fact, over 40% of Aussies are buying more online since the onset of COVID-19 according to the 2020 Holiday Season: State of Today’s Digital e-Shopper survey. But this where it gets really interesting as the survey also shows that nearly 1/3 of us (29%) are shopping online 3-5 days a week, and over one in ten consumers (11%) are even shopping online daily!! But with many online retailers offering such snappy delivery, it has just made perfect sense to stay safe and stay home!
With just over a month till Santa visits, it will come as no surprise that many of us are starting to prepare for the Holiday season by purchasing gifts already. Online shopping events such as Click Frenzy or the Black Friday/Cyber Monday events are often very compelling times to buy. But some Aussies have decided they want to get in early to secure gifts for their loved ones in response to warnings from some retailers warning that some items may sell out before Christmas due to COVID-19 related supply chain issues. In fact, McAfee’s research shows that 48% of Aussies will be hitting the digital links to give gifts and cheer this year, despite 49% feeling cyber scams become more prevalent during the holiday season.
McAfee’s research shows very clearly that the bulk of us Aussies are absolutely aware of the risks and scams associated with online shopping but that we still plan to do more shopping online anyway. And with many of us still concerned about our health and staying well, it makes complete sense. However, if there was ever a time to take proactive steps to ensure you are minimizing risks online – it is now!
McAfee’s specialist online threat team (the Advanced Threat Research team) recently found evidence that online cybercrime is on increase this year, with McAfee Labs observing 419 threats per minute between April to June 2020 – an increase of almost 12% over the previous quarter.
And with many consumers gearing up to spend up big online in preparation for the Holiday season, many experts are worried that consumers are NOT taking these threats as seriously as they should. McAfee’s research showed that between April to June 2020, 41% of 18-24 year olds have fallen victim to an online scam and over 50% of the same age group are aware of the risks but have made no change to their online habits.
At the risk of sounding dramatic, I want you to channel your James Bond when you shop online this holiday period. Do your homework, think with your head and NOT your heart and always have your wits about you. Here are my top tips that I urge you to follow to ensure you don’t have any unnecessary drama this Christmas:
Click on random, unsafe links is the best way of falling victim to a phishing scam. Who wants their credit card details stolen? – no one! And Christmas is THE worst time for this to happen! If something looks too good to be true – it probably is. If you aren’t sure – check directly at the source – manually enter the online store address yourself to avoid those potentially nasty links!
This is a no-brainer – where possible, turn this on as it adds another lay of protection to your personal data and accounts. Yes, it will add another 10 seconds to the log-in process but it’s absolutely worth it.
If you have a VPN (or Virtual Private Network) on your laptop, you can use Wi-Fi without any concern – perfect for online purchases on the go! A VPN creates an encrypted tunnel between your device and the router which means anything you share is protected and safe! Check out McAfee’s Safe Connect which includes bank-grade encryption and private browsing services.
Ensuring all your devices are kitted out with comprehensive security software which will protect against viruses, phishing attacks and malicious website is key. Think of it as having a guardian cyber angel on your shoulder. McAfee’s Total Protection software does all that plus it has a password manager, a shredder and encrypted storage – and the Family Pack includes the amazing Safe Family app – which is lifechanging if you have tweens and teens!
So, yes – please make your list and check it twice BUT before you dive in and start spending please take a moment to ask yourself whether you are doing all you can to minimise the risks when online shopping this year. And don’t forget to remind your kids too – they may very well have their eye on a large gift for you too!
Happy Christmas Everyone
Alex xx
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
Today’s U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level.
This FedRAMP Moderate designation is equivalent to DoD Impact Level 2 (IL2) and certifies that the McAfee solution has passed rigorous security requirements for the increasingly complex and expanding cloud environments of the U.S. government. The FedRAMP Moderate authorization validates the McAfee solution’s implementation of the baseline 325 NIST 800-53 controls, allowing users from federal agencies, state and local government, and other industries in regulated environments to manage Controlled Unclassified Information (CUI) such as personally identifiable information (PII) and routine covered defense information (CDI).
By achieving FedRAMP Moderate Authorization for MVISION for Endpoint, McAfee can provide the command and control cyber defense capabilities government environments need to enable on-premise and remote security teams, allowing them to maximize time and resources, enhance security efficiency and boost resiliency.
McAfee MVISION for Endpoint consists of three primary components: McAfee MVISION Endpoint Detection and Response (EDR), McAfee MVISION ePolicy Orchestrator (ePO) and McAfee Endpoint Security Adaptive Threat Protection with Real Protect (ENS ATP):
Together, these solutions provide today’s U.S. government agencies the AI-guided endpoint threat detection, investigation and response capabilities they need to confront today’s ever evolving threats across a wide variety of devices. This important FedRAMP milestone is the latest affirmation of McAfee’s long-standing commitment to providing U.S. government agencies advanced, cloud-based cyber defenses to help them meet whatever mission they may confront today and in the future.
Other recent McAfee public sector achievements include:
Please see the following for more information on McAfee’s efforts in the FedRAMP mission:
The post McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements appeared first on McAfee Blogs.
Truebill, Chargebee, Fusebill and other financial apps have been inundating my social feeds and until recently I didn’t understand why I would need one of these apps. I’m the type that knows her bank account balance to the penny and I was shocked to discover that many of my co-workers and, of course, my college kid had no idea their balance was low until they tried to use their debit card and got declined. What also surprises me is how many people don’t know what is coming out of their bank account. I may not realize precisely how much my Starbucks addiction costs but I’m in security and I need my caffeine! Keeping up with the latest ways cyber criminals can infiltrate an organization or sneak past endpoint solution takes a lot of energy.
Then I got to thinking about these new apps that I can’t imagine why anyone would need to use – UNTIL I decided to try one….and then I discovered I too had been compromised by subscriptions and fees I had no idea I was being charged for. This led me to think about my false sense of security and how I felt I was protected because I checked my account and tracked what came in and out. I use my debit card a lot, I use it constantly for purchases and have it attached to Apple Pay, Pay Pal and you name it, it is linked.
So why am I bringing this up? Well, in your job you might have responsibility for corporate security…and you might be feeling pretty comfortable that you have everything under control, a bit like I did with my finances – but you don’t know what you don’t know. It’s all well and good (and indeed highly advisable) having an endpoint protection product in place but is it possible that this is giving you a feeling of security beyond the true situation? Could there be sneaky activity happening at a really low level that is getting past those solutions? I didn’t think so, until I installed the app and I discovered exactly what I didn’t know.
And that’s where EDR comes in – because EDR is designed to monitor what is happening on your endpoint devices, to track and trace activity, consolidate it and identify potential risks – the really good EDR solutions will also group related items into threads to speed up investigations, prioritize which groups should be examined first and even automate some of the investigation processes.
And don’t overlook the importance of that automation – when I was looking at my finances if the app I tried had simply overwhelmed me with massive amounts of information (some of which I knew, some of which was a surprise, all of which was mixed up together), I’d have likely looked once, and decided that I was right all along…everything was probably under control, and the effort involved in digging deeper was likely to be greater than any return I might have got back. But, it was automated, it consolidated the information, it simplified things…and ultimately it showed me exactly what I needed to know with minimal effort on my part. The net effect of that was a positive result. EDR is the same – I’ve spoken with customers who have tried it and simply given up because it’s proven to be too complicated. It can feel easier not to find out what you don’t know – but it won’t be as secure!
That’s what security analysts are loving about MVISION EDR. MVISION EDR helps find what is hidden and lifts it to the surface where it can be examined and then either allowed or blocked. But unlike my bank account, we’re not talking about 5 or 10 things you may not have been aware of, we’re talking about potentially tens of thousands each and every day. And that’s the other thing they love about MVISION EDR – not only does it make identifying these potential risks easier to identify, but it groups them together into a much smaller number of potential incidents, prioritizes those incidents so they know which ones to investigate first and even uses AI to guide those investigations and make suggestions as to how they can reach a resolution quickly and accurately. What’s not to love?
If you want to see what you have been missing check out MVISION EDR.
The post What Truebill and Other Financial Apps Have in Common With EDR appeared first on McAfee Blogs.
Free VPNs May Still Come with a Price
If we’re being honest, many of us are consuming a lot of online content these days, whether it be for work, education, or sheer entertainment. I know my family is trying to balance what we need to do online, like meetings and classes, with fun activities like streaming movies, given that we are all spending more time safely at home.
But as a security professional what I’m really concerned about is how we are connecting to all this digital content. There has been a surge in VPN (virtual private network) downloads so far this year, showing that users are concerned about their online privacy, which is a good thing.
As you may know, a personal VPN is simply a piece of software that can establish a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial information by encrypting, or scrambling, the data that flows through the tunnel, and can mask your true location, making it appear as though you are connecting from somewhere else.
However, the myriad of VPN options—from free, to paid, to “freemium” (limited products offered on a trial basis for free, hoping customers will invest in more comprehensive, paid versions)—can be confusing and cause some customers to walk away unprotected. This is unfortunate, because here at McAfee we’ve recorded a growing number of network attacks, including targeted attacks against a variety of business and educational enterprises.
These threats mean that we need to do our best to ensure that our sensitive information stays safe, which is why I’d like to take a look at the difference between free VPNs and premium VPNs.
Sometimes a VPN is included in more robust security software, as it is in McAfee® Total Protection, but often it is a standalone tool, that is offered either at a monthly subscription rate, or for free. While it may be tempting to go for a free option, there are some serious considerations that you should take to heart.
Since free VPNs are not making money directly from their users, many make revenue indirectly, through advertising. This means that not only are users bombarded with ads, they are also exposed to tracking, and potentially malware. In fact, one study of 283 free VPN providers found that 72% included trackers. This is not that surprising, given that advertisers depend on gathering your personal data to better target their ads.
But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive information at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole the data off of users’ devices.
Also concerning is how these free providers handle your data. In one worrying incident, a VPN provider exposed thousands of user logs and API access records openly on the web, including passwords and identity information.
VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue for potentially opening the door to new risks. That’s why I always advise users to look for a paid VPN with the following features:
Unlimited Bandwidth —You want your network connection to stay secured no matter how much time you spend online.
Speedy Performance—We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we are all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.
Multiple Device Protection—These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.
Less Battery Drain—Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.
Ease of Use— As I’ve written recently, for technology to really work it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.
Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee Total Protection includes our McAfee® Safe Connect standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Free VPNs May Still Come with a Price appeared first on McAfee Blogs.
The reality is beginning to hit: The holiday season will look and feel different this year. Traditional family gatherings, complete with mile-long dinner tables and flag football games, are now considered COVID “super spreader” events, putting a dent in plans for large gatherings.
Still, there’s a bright side. We may be dealing with a pandemic, but we also happen to live in time of amazing technology and ingenuity. That means when the face-to-face connection isn’t possible, we can connect with a click or two.
According to the Center for Disease Control, it’s important to keep basic safety protocols such as mask-wearing, disinfecting, and social distancing in place. In addition, they recommend limiting the number of guests, celebrating outdoors if possible, and limiting the number of people in food prep areas. One of the most important things you can do, says the CDC, is to “have conversations with guests ahead of time to set expectations for celebrating together.”
A part of those conversations can also include ways to digitally connect with elderly or at risk loved ones who can’t gather and how to do it safely and securely. Here are a few ideas to get you rolling.
One big tip in organizing a successful, digitally connected holiday is to prep your technology logistics before your gathering. Ensure everyone invited to the call has downloaded the right app, adjusted privacy settings, and understands app and safety basics. For family members who may be uncomfortable connecting digitally, consider calling a few days ahead of time, previewing the app, and answering any questions. Prepping your tech will maximize your time together and ensure everyone feels confident.
1. Cook together. Use video apps such as FaceTime or Zoom to share recipes and even have grandma teach the kids to cook her famous corn casserole. Since everyone is together, you may even want to crowdsource favorite family recipes in a google doc and make a family cookbook.
Safe Family Tip: Your FaceTime app is always ideal because it’s encrypted and still private. When using video apps such as Zoom, make sure your account and meeting settings are personal.
2. Share a virtual mealtime. You might be surprised at how much fun sharing a mealtime virtually can be (we’ve tried it!) It’s easy: Set up your phone or computer on a stationary tripod or shelf that frames your dinner table. Agree on a time with family members. Dial them up on your phone or in your app. Toast the holiday in real-time.
Safe Family Tip: Be aware that with the increase in people going online to connect with family, shop, and work, hackers are also working overtime to get into Zoom (and other apps) conversations and figure out ways to plant malware. With increased digital activity, think about a comprehensive security solution, which can help protect devices against malware, phishing attacks, and other threats.
3. Enjoy movie time together. Using apps like Hulu Watch Party, Watch2gether, Amazon Watch, Netflix Party, and Houseparty makes it easy to watch a movie together from multiple locations. For kids, there’s Disney Plus Party for kid-friendly group viewing. Some of the apps require screen sharing, others separate logins, while others are simply one account holder sharing a link. The Verge offers this step-by-step on how to for several of these apps.
Safe Family Tip: Make sure the movie site or app you are using is legal and safe. Cybercriminals are hot on the trail of movie fans and have created movie apps designed to download malware onto computers. Avoid clicking on pop-up ads or random links while looking for movies or apps. Add an extra layer of protection using a Virtual Private Network (VPN) to encrypt your online activity, keep your identity secure, and secure downloads.
4. Multiplayer Game Apps. Don’t worry. Family game night lives on! Even if you are separated by miles, you can play virtual family games like Charades, Uno, Pictionary, Trivia, and many video games.
Safe Family Tip: Be sure the app you are downloading is legitimate. Read reviews and make sure there aren’t any virus or malware issues before downloading. Once downloaded, maximize your safety settings on the app, use strong passwords, and only connect with known players.
5. Virtual Karaoke. Gather on apps like Smule to enjoy some family karaoke together.
Safe Family Tip: Any group app can be a danger zone for cyberbullying or connection from strangers. Be sure that family members are aware of the dangers of allowing younger users to keep these apps on their phones following the holidays. Parental Control Software is an easy way to make sure your kids engage with safe content online.
Thanks to technology, it’s possible to shrink just about any distance. Will it take effort? Sure. Some learning? Yup. But hopefully, even though your home may feel a little more empty this year, your heart will be full.
The post 5 Fun Ways to Keep Family Connections Strong (and Secure) This Holiday appeared first on McAfee Blogs.
At McAfee, ensuring our new team members are well prepared and supported for their roles is a top priority. From the first day of onboarding, team members are nurtured and given the tools they need for successful development.
McAfee’s traditional in-person orientation process has evolved virtually because of the pandemic. But the approach and goal is the same – to transition new team members as efficiently and comfortably as possible so they can make an immediate impact.
We asked four recent additions to the McAfee family what it’s like to join the company via virtual onboarding. They were asked to share how McAfee helped them acclimate to work life as a new employee and to offer highlights now that they’ve settled into their new roles.
Here is what they had to say:
Virtual resources make a difference: “It was my first time onboarding virtually and it felt like a once-in-a-lifetime experience. The process was executed very well, and all training materials were made available to me online. I believe providing these virtual resources was extremely helpful in my onboarding experience.”
Settling in with the right tools, team support: “Like most people in similar circumstances, I wondered what virtual onboarding was going to be like. How could I possibly retain this amount of information? At the end of the day, you realize that you really do have all the right resources. My manager was great and looped me in, and was able to help me to quickly acclimate to my role on the team. My onboarding buddy and fellow team members were also a huge help.”
Engaging and exceeding expectations: “I adapted to my new work life and virtually accomplished everything that most do in-person. I took all of my assessments online and team members offered the different resources that were essential to accomplishing my day-to-day work. My trainer was also very engaging throughout the process.”
Virtually learning to engage customers: “Through daily meetings, my sales coach prepared me for interactions with customers. I learned different ways to engage for meetings and customer visits, and was able to practice my sales pitch just as if it were in person.”
Building better relationships: “In cybersecurity, you are constantly in a state of learning. You never stop the process of improving yourself, your skills, your salesmanship and your relationships. I am now acclimated to my role and building better relationships with my customers.”
A Productive Day One: “The basic onboarding process was easy and enabled me to get the necessary tools like a badge, email and computer equipment prior so that the first day on the job was more productive than prior experiences. I could preview the excellent benefits and enroll shortly after starting, as well as acquire office equipment necessary for me to work from home.”
Easy-to-follow training, introductions: “As an experienced leader, I had no apprehension about virtual onboarding. McAfee’s training and general onboarding introductions were easy to follow and required no advance preparation. While some of the training was time consuming, it was not a burden and frankly insightful.”
Finding balance and having fun: “My role is global, so I found balance between work and family time by juggling the global time zones and meetings. The numerous social and professional groups as well as the MS Teams program with McAfee helped with acclimating to the company. McAfee always keeps it fun with competitions and challenges on the Social Hub between employees. Virtual coffee and happy hours help too.”
Collaborative and better together: “We’re having a strong year, and a big reason is that the team has been very welcoming and always willing to provide training and support – very collaborative. Our best days lie ahead. We are better together and getting better every day.”
A very normal virtual experience: “Initially, I experienced some apprehension about onboarding remotely. It’s difficult enough to learn a new job in the office, and I was worried that learning remotely without having someone sitting next to me might complicate training. But my anxiety quickly dissipated, and I can honestly say that the McAfee onboarding experience felt very normal. My manager, peers and those reporting to me were extremely helpful and stayed in constant communication as I navigated through the first several weeks at McAfee.”
Ease of learning through technology: “Virtual meetings via Teams helped me to quickly acclimate. Talking to others via video was comforting and enabled me to get to know other McAfee team members. McAfee’s onboarding technology made it very easy to learn remotely.”
No need to fear onboarding remotely: “I can truly say that the one major highlight that stands out for me is just getting to know so many amazing employees in this organization. No one should fear or have any anxiety when onboarding virtually at McAfee. It has been and continues to be a great and exciting experience!”
Easy to learn and understand: “The virtual onboarding experience was easy. The learning hub is an excellent resource and helped simplify the process, in addition to offering great product training. As someone who is not only new to McAfee but also the cybersecurity industry, I knew I would have a lot to catch up on. Everything was very easy to understand.”
Very responsive and helpful: “My recruiter stayed in touch with me and made sure my questions were answered. Any time I needed something, the human resources department was very responsive and helpful. My team also rallied around me and have provided a lot of support since I joined McAfee.”
Achieving a steady course: “I love it at McAfee and everyone has been so supportive. Teammates have been incredibly helpful in guiding me through each of their best practices so I could build my roadmap to success.”
Are you thinking about joining our team? McAfee takes great pride in providing a virtual onboarding experience with the right tools and support. Learn more about our jobs. Subscribe to job alerts.
|
Search Career Opportunities with McAfee
Interested in joining our team? We’re hiring! Apply now. Stay Connected For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post McAfee Team Members Share Their Virtual Onboarding Experiences appeared first on McAfee Blogs.
All the kids are doing it, and so can you.
If you haven’t hopped onto a video chat with the family yet, the holidays are a great time to give it a whirl. While there are plenty of apps and services out there for video chatting, I put together a quick list of the more no-nonsense options.
Broadly speaking, I selected video chatting apps that are free, relatively straightforward, and possibly something you already have on your smartphone, tablet, or computer. From there, I also offer up some advice that can keep you and your family safe while you chat. Let’s take a look …
One of the easiest ways to hop onto a video chat is with your smartphone or tablet. They can save you a bit of configuring and fiddling around with settings because these devices have cameras, microphones, and video chat apps already built in. In that way, they’re optimized for video chat, so using one of them is practically “point and shoot.”
Depending on what smartphone or tablet you have, you have a couple of leading options:
Pre-installed on iPhones and iPads, FaceTime can connect up to 32 people on iOS and Mac OS devices at one time. That way, if you want to chat with a few family members at once, you can have plenty of people join in. Note that only iOS and Mac OS devices can use FaceTime, so the person you want to chat with will need FaceTime on a iOS or Mac OS device as well. Connections are quite simple. In fact, as simple as making a phone call. You can start a FaceTime call with a tap of family members in your contact list. Your device does the rest.
Google Duo is a voice chat app much akin to FaceTime that’s found on plenty of Android phones and tablets. However, it differs from FaceTime because it’s available for multiple platforms. For example, there’s a Google Duo app for iPhones, so if your grandkids have iPhones, they can install the Google Duo on their iPhones and have a chat with you on your Android phone.
Also, you can use Google Duo on a web browser without an app by clicking here. That’s a great option if you have a camera-ready laptop or computer—which we’ll talk about more next.) Google Duo also features “Family Mode” where you can put on masks and make doodles on the screen if you’re signed in with a Google account.
If you don’t have a smartphone or tablet, there are still plenty of options that are free and relatively easy as well.
For starters, you’ll need a laptop or computer with a microphone and camera, which is more or less standard in laptops today. If your laptop or computer doesn’t have that combo already, not to worry. There are plenty of moderately priced web cameras that include a microphone. I suggest getting one with a physical lens cap. That way it always protects your privacy. Likewise, you can always disconnect yours when it’s not in use.
With that, here are a few options for video chatting on your computer:
Originally aimed at a business audience, families and schools quickly latched on to Zoom for its ease of use at the start of the pandemic. Zoom offers unlimited time and unlimited calls for one-to-one meetings yet has a 40-minute limit once there are more than two devices connected. While there’s an app available, I recommend that you set up a free account and run it through a browser window. That way, you don’t have to deal with an install and you’ll always have the latest security protocols in play.
Skype from Microsoft has been around for a long time, getting its start back in the early 2000’s as a voice and text chatting app. Today, it comes standard on Windows PCs and supports apps for all kinds of tablets and smartphones too. Up to 50 people can join, which is of course plenty. If you want to create a video chat without an account, you can simply visit this page and start an instant video chat with a click. That’ll give you a link that you can copy and share with your family. And when they click on that link, you’ll all be connected.
Free to anyone with a free Google Gmail account, you can use Google Meet just by clicking its icon from your Google apps menu or by visiting https://meet.google.com/. Originally designed for businesses, governments, and schools, this premium product is now available to all. Some nice features include the ability to schedule a meeting with your family using Google Calendar and additional security features that help make sure your call is private. Like Zoom and Skype, it can run in the window of your browser, so there’s no app to download and install.
As I mentioned above, there’s practically setup when it comes to running a video call on your smartphone or tablet, as they’re already configured for video. Computers, however, may take a little more effort.
The first thing is to make sure that your microphone, speakers, and camera are all set up and ready to go. If you have a Windows computer, you can check out this quick article to get your audio set up and this article for setting up your camera. For Macs, check out this article for audio and this article for video.
From there, you can log into your video chat app or service of choice and give your audio and video a test just to make sure everything is a go. You can do this before you make a call by starting the app as you normally would and then clicking on the menu item for “Settings.” Each app handles it a little differently, yet the interface should show you if it detects your camera, microphone, and speakers. Once you’re set up, you likely won’t have to go back in and do it again.
Now, it’s time to think like a movie director. As you might think, the camera angle and lighting in your room make all the difference on a video chat.
In a way, the camera is the way you’ll make eye contact with your family. Set the camera or hold your device so that it’s at eye level with you. That way, it’ll appear like you’re making eye contact with them. Few things feel stranger on a video chat than a camera angle that appears to have you looking down at them (and with them looking up your nose in return).
As for lighting, avoid sitting with a light source behind you. The camera will adjust itself to the light source instead of you, putting your face in the dark. Instead, look to have a light source that’s in front and a bit off to the side from you. That’ll light your face without washing out your face in harsh light. Likewise, if you’re sitting in front of a computer monitor while you’re chatting, see if you can lower the brightness on the monitor. That’ll keep your video looking great as well.
Once you’re all set up, here are a few things that will help keep your calls private and secure.
If you’re initiating the chat, be sure to create a password that that uninvited parties can’t join the call. Also, don’t be shy about asking your family members to use a password on the calls they initiate. It’s pretty much a standard practice nowadays.
Many services, like Zoom, allow people to join a video chat by clicking a link. As with any link that’s sent to you, be sure that it’s legitimate. Confirm the link with the family member who sent it, particularly if you weren’t expecting one.
Likewise, make sure that you’re using comprehensive security software that protects you from scam emails and links, plus block links that could send you to sketchy websites. That way, if you do get sent a bogus invite link from a scammer, you’ll be protected.
When you click a link to join a video call from your computer, it will open a new browser tab that will prompt you to join the call. Often, there will be an option to “join using the app,” which your browser will automatically download if you click that option. However, the easiest way to join is by clicking the option to “join using my browser.” In addition to being a no-fuss option, it also means one less app on your device to keep current.
Aside from giving you the latest features and functionality, updates also often include essential security improvements. Set your computer to update itself automatically and consider using security software that will scan for vulnerabilities and install updates automatically as needed.
With the holidays upon us and the and New Year on the horizon, now’s a great time to give video chatting a try. As with any new app you try, do a little research of your own before you download it. Check out the news reviews to see if it’s right for you or if there have been any security concerns.
I hope this overview gives you a great start and that it becomes just one more of the many ways you keep in touch, whether during the holidays or year ’round.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Zooming with the Grandkids: Five Easy Video Chat Apps for the Holidays appeared first on McAfee Blogs.
You wake up, log in to your Outlook, and find an email waiting in your inbox from support@irs.gov. Much to your confusion, the email claims that you have an outstanding account balance that you must pay immediately, or you will face legal charges.
As it turns out, you’re not the only one to receive this message. According to Bleeping Computer, a phishing campaign was recently discovered impersonating the IRS, with 70,000 spoofed emails reaching users’ inboxes. Let’s unpack how this scheme works.
This scam targets Microsoft 365 users and threatens to press legal charges unless the recipient settles an outstanding account balance. And while some of the telltale signs of a phishing scam are grammar errors and misspellings throughout the body and address of the email, this threat is a little more sophisticated. To make this threat appear more credible, scammers use the email support@irs.gov, causing recipients to believe that the email actually did originate from the IRS. The email also appears to have no spelling errors at first glance, further increasing its legitimacy to an unsuspecting user.
This scam is not foolproof, however. Upon further investigation, a recipient would see that the email’s header reveals the real sending domain: shoesbagsall.com. What’s more, the reply-to field redirects the replies to legal.cc@outlook.com instead of the IRS support mailing address.
To further entice users into falling for this scheme, scammers threaten arrest or other legal charges and tell recipients that they will forward the emails to their employer to withhold the fake outstanding amounts from their wages. Additionally, the emails also instruct the targets to immediately reply with payment details to avoid having their credit affected.
The best way to stay protected from phishing scams? Knowing how to spot them! Follow these security tips and best practices to prevent falling for fraudsters’ tricks:
Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service.
If you receive an email or text asking you to download software or pay a certain amount of money, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
If you accidentally respond to a phishing email with your personal data, change the passwords to any accounts you suspect may have been impacted. Make sure your new credentials are strong and unique from your other logins. For tips on how to create a more secure password, read our blog on common password habits and how to safeguard your accounts.
A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected appeared first on McAfee Blogs.
The move to a distributed workforce came suddenly and swiftly. In February 2020, less than 40% of companies allowed most of their employees to work from home one day a week. By April, 77% of companies had most of their employees working exclusively from home.
Organizations have been in the midst of digital transformation projects for years, but this development represented a massive test. Most organizations were pleasantly surprised to see that their employees could remain productive while working from home thanks to successful cloud migration projects and the adoption of various mobility and remote access technologies, but companies have become more worried that they have far less visibility into data on employees’ systems when they are working remotely. Traditional Network DLP can protect data while it is traversing through the network up to the corporate edge, but it has little visibility to data once it is out of the corporate network and its effectiveness is further limited when the workforce is distributed.
More than three-quarters of CIOs are concerned with the impact that this increased data sprawl is having on security. Despite the fact that roughly half of all corporate data was stored in the cloud last year, only 36% of companies could enforce data protection policies there. Many organizations therefore forced home-based users to hairpin all traffic back to the corporate data center via VPN so that they could be protected by the network data loss prevention (DLP) system. This maintained security, but it came at the cost of poor performance and reduced worker productivity.
Organizations that employed cloud-based security technologies like a Cloud Access Security Broker (CASB), DLP, or Secure Web Gateway (SWG) could enable their users to perform their jobs with fast and secure direct-to-cloud access. However, this still leads to headaches: IT organizations have to manage multiple disparate solutions, while users face latency while their traffic needs to bounce between multiple siloed technologies before they can access their data.
The Secure Access Service Edge (SASE) presents a solution to this dilemma by providing a framework for organizations to bring all of these technologies together into a single integrated cloud service. End users enjoy low-latency access to the cloud, while IT management and costs are simplified. So everyone wins, right? Not entirely.
Many SASE proponents posit that the best way to architect a distributed Work From Home environment would be to have all security functionality in the cloud at the “service edge”, while end user devices have only a small agent to redirect traffic to that service edge. However, this model poses a data protection dilemma. While a cloud-delivered service can extend data protection to data centers, cloud applications, and web traffic, there are a number of blind spots:
These blind spots can only be addressed by endpoint-based data loss prevention (DLP) that enforces data protection policy on the user’s device. This is not dissimilar to how SASE frameworks rely on SD-WAN customer premises equipment (CPE) that perform essential network flow functionality at branch office locations. Therefore, it’s imperative to look for SASE solutions that include endpoint DLP coverage.
It’s great to say that to address the challenges of cloud transformation and the remote workforce, existing network DLP solutions – with their dedicated management interface, data classifications, and policy workflows – need to be accompanied by similar capabilities in the cloud, and then again on the endpoint. Of course, that’s completely impractical where IT organizations are already struggling to deal with the status quo due to finite budgets and skilled personnel. Not only is it impractical, but it undermines the consolidation, simplification, and cost reduction promised both by digital transformation and the SASE framework.
The answer to this dilemma is a comprehensive data protection solution that encompasses networks, devices, and the cloud, something that is uniquely delivered by McAfee MVISION Unified Cloud Edge (UCE). MVISION UCE is a cloud-native solution that seamlessly converges core security technologies such as Data Loss Prevention (DLP), cloud access security broker (CASB) and next-gen secure web gateway (SWG) to help accelerate SASE adoption. MVISION UCE features multi-vector data protection that features unified data classification and incident management across the network, sanctioned and unsanctioned Shadow IT cloud applications, web traffic, and equally important, endpoint DLP. This provides corporate information-security teams the necessary visibility, control and management capability to secure home-based and mobile workers as they access data anywhere.
To manage data security of a distributed workforce, linking device security to corporate policy becomes extremely important. With a managed DLP agent on the device, IT security can know where sensitive data exists, block untrusted services and removable media, protect against cloud services and desktop apps, and educate employees to potential dangers.
Historically, data protection has focused on a central point like the network or the cloud because implementing it on the device has been difficult. However, with McAfee’s Unified Computing Edge (UCE), DLP becomes an easy-to-deliver feature.
Centrally managed by McAfee MVISION ePO, McAfee DLP can be easily deployed to endpoints. With its unique device-to-cloud DLP features, on-prem DLP policies can be easily extended to the Cloud with a single click and as fast as under one minute. Shared data classification tags ensure consistent multi-environment protection for your most sensitive data across endpoints, network and cloud. —
Incorporating security into the cloud and the edge, and delivering data protection at the endpoint, are the only way to really deliver on what SASE promises and unlock your remote workforce. Looking to the future, a widely distributed workforce is here to stay. Companies need to take steps to secure devices and data wherever they are.
To find out more, please visit www.mcafee.com/unifiedcloud.
The post Think Beyond the Edge: Why SASE is Incomplete Without Endpoint DLP appeared first on McAfee Blogs.
This year has thrown a lot of challenges at us, and our digital lives were not immune. As millions of people around the world suddenly switched to working and learning online from home during the pandemic, digital threats spiked, making security and performance essential.
At McAfee, we are hyperaware of what our users are going through this year, with changes to their work, school, and lifestyles. At the same time, we are keeping our eyes on the threats aimed at taking advantage of the situation.
For example, we know that publicly disclosed security breaches increased by 41% in the first quarter of 2020 compared to the previous quarter. And, COVID-related threats are also on the rise. But with everything going on, it’s easy to see how technology users can become overwhelmed. That means that security not only has to protect against a wide range of threats, but also be seamless.
While you’ve been busy keeping up with all the changes this year has brought, we have been working on providing comprehensive security that protects you from existing and emerging threats so you can have peace of mind. In fact, Austria-based AV-Comparatives recently gave McAfee® Total Protection their highest three-star, “Advanced +” rating for malware protection measured against 16 competitors, and the German anti-malware test lab AV-Test awarded McAfee Total Protection with the TOP Product rating because of its 100% protection scores.
AV-Test also gave McAfee Mobile Security for Android its highest rating in terms of protection, performance, and usability against 14 competitors.
These labs also test for “false positives.” False positives happen when antivirus software identifies legitimate files or processes as malware by mistake. In recent tests, our products have also scored well when it comes to avoiding false positives. AV-Test showed that McAfee Total Protection and McAfee Mobile Security flagged zero false positives during testing.
Both of these independent antivirus testing organizations specifically look for how well security products protect their users against various threats, which is critically important given today’s threat landscape.
One of the key ways we keep on top of threats is through continuous product development. We don’t stop working on our software tools just because they are released to the public. Our products are continuously updated with new features and enhancements when they become available because security isn’t static. Regardless of if you bought your product in 2019 or early 2020, we make sure that you have the latest protection installed through automatic product updates.
Underscoring our dedication to continual product improvement, U.K.-based SE Labs recently named McAfee the 2020 winner for “Best Product Development.”
SE Labs’s slogan is “testing like hackers” because it evaluates a product’s effectiveness at various stages of attacks, from malicious emails and keystroke loggers, to full-on network attacks and system harm. All of these assessments are important to ensure that we can protect our users in real-world settings.
I’ve written before about how security software has to be convenient, and not get in the way of our productivity. Given the climate, it’s more important than ever that we offer comprehensive security tools that are lightweight and easy to manage.
For instance, I know how important these days are for my kids to meet with their teachers in online classes. If our security software was taking up so much of our computer’s resources that it kept them from being able to stream video while taking notes, it wouldn’t just be frustrating, but detrimental.
McAfee has consistently received some of the best scores in performance tests, while having a minimal impact on users’ systems. Just this month, AV-Comparatives awarded McAfee Total Protection the highest possible ADVANCED+ rating yet again, for the ninth time in a row!
This is great news for us, but even more important for our users since it shows that they do not have to sacrifice protection or performance, whether on their computers or mobile devices.
Of course, we know the threat landscape is continuously evolving, and we need to evolve with it.
By offering you tools that can guard against the latest risks while allowing you to be productive and connect with family and friends, we hope to be a strong ally in your digital life. It’s great to see that these three independent testing organizations recognize our accomplishments so far in protection efficacy and performance. We promise to keep it up so you can live a carefree digital life.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Putting Protection to The Test appeared first on McAfee Blogs.
And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own.
Let’s unwrap the top four phishing scams that users should beware of while making online purchases this week and through the rest of the year. Remember, there’s still time to shop for cybersecurity protection this holiday season.
It might surprise you to see that a tactic as old as email phishing is still so widely used today. Well, that’s because many people still fall for email phishing scams, as the criminals behind these attacks up the ante every year to make these threats more sophisticated.
Scammers also tend to take advantage of current events to trick unsuspecting consumers into falling for their tricks. Take earlier this year, for example, when many users received phishing emails claiming to be from a government entity regarding financial support due to the global health emergency. Cybercriminals will likely use similar, timely tactics leading up to the holidays, posing as famous retailers and promising fake discounts in the hope that a consumer will divulge their credit card details or click on a malicious link.
Like email phishing, spear phishing has been around for quite some time. With spear phishing attacks, hackers pretend to be an organization or individual that you’re familiar with and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with. For example, cybercriminals might claim to be charitable organizations asking for donations, knowing that many families like to donate during the holidays. The email might even include the recipient’s personal details to make it seem more convincing. But instead of making a generous contribution, users find that they infected their own system with malware by clicking on the fraudulent link.
No, that’s not the sound of Santa coming down the chimney – it’s the sound of voice phishing! “Vishing” attacks can be highly deceiving, as hackers will call a user and trick them into giving up their credentials or sharing other personal information. For example, a scammer could call an individual telling them that they won a large amount of cash as part of a holiday contest. Overjoyed with the thought of winning this so-called contest, the user may hand over their bank information to the criminal on the other end of the phone. But instead of receiving a direct deposit, all they find is that their banking credentials were used to make a fraudulent purchase.
SMS phishing, or “SMiShing,” is another threat users should watch out for this holiday season. This tactic uses misleading text messages claiming to come from a trusted person or organization to trick recipients into taking a certain action that gives the attacker exploitable information or access to their mobile device.
Due to the current global health emergency and the desire to do more digitally, consumers will likely rely on online shopping this holiday season. To take advantage of this trend, scammers will probably send fraudulent text messages disguised as online retailers. These messages will likely contain fake tracking links, shipping notices, and order confirmations. But if an unsuspecting user clicks on one of these links, they will be directed to a fake website prompting them to enter their credentials for the attackers to further exploit.
To prevent cybercriminals from messing with the festive spirit via phishing schemes, follow these tips so you can continue to make merry during the holiday shopping season:
If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blog.
2020 has been a tumultuous and unpredictable year, where we restructured our lives and redefined how we work and interact with each other. In the past nine months, we saw IT security and the digital world challenged and taken to new heights. Although 2020 has undoubtedly been a year of trials and tribulations, I wanted to share some of McAfee’s top highlights.
The list that follows is drawn from some of this year’s greatest accomplishments.
1. |
New Global Managed Detection and Response Platform |
At the RSA Conference in February, we launched our MDR platform and our first strategic partner to leverage our MVISION EDR solution to proactively detect cyber threats faced by customers and resolve security incidents faster. Our MDR service with DXC Technology provides 24/7 critical alert monitoring, managed threat hunting, advanced investigations, and threat disruption 365 days a year.
2. |
Cloud Risk & Adoption Report: Work-from-Home Edition |
With the new work from home environment, we released a report uncovering a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber-attacks targeting the cloud.
3. |
MVISION Cloud Becomes First CASB to Receive U.S. Government’s FedRAMP High JAB P-ATO Designation |
To support today’s U.S. governments race to modernize its IT infrastructure in the constantly evolving threat landscape, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level. Learn more here.
4. |
Election Website Security Shortcomings |
Ahead of the 2020 U.S. Presidential election, we released a survey revealing a severe lack of U.S. government .GOV validation and HTTPS encryption among county election websites in 13 states. The January 2020 survey found that as many as 83.3% of these county websites lacked .GOV validation across these states, and 88.9% and 90.0% of websites lacked such certification. Subsequently, reports emerged from the U.S. Federal Bureau of Investigations and the FBI and Department of Homeland Security, which compelled us to conduct a follow-up survey of county election websites in all 50 U.S. states.
5. |
Industry’s First Proactive Security Solution to Help Organizations Stay Ahead of Emerging Threats |
MVISION Insights provides actionable and preemptive threat intelligence by leveraging our cutting-edge threat research, augmented with sophisticated AI applied to real-time threat telemetry streamed from over 1 billion sensors. The integration of MVISION Insights significantly enhances the capabilities of our award winning endpoint security platform by managing the attack surface, preventing ransomware and aiding security teams to easily investigate and respond to advanced attacks.
6. |
Threat Actor Evolution During the Pandemic |
Our McAfee Labs team released a report examining cybercriminal activity related to COVID-19 and the evolution of cyber threats in Q1 2020. The team saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. Read the full report Q1 2020 here, and feel free to enjoy the bumper edition of the McAfee Labs Threats Report: November 2020, here.
7. |
Introducing MVISION CNAPP |
McAfee announced CNAPP, a new security service that combines solutions from Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Data Loss Prevention (DLP), and Application Protection into a single solution. Now in beta with a target launch date of Q1, 2021, we built CNAPP to provide InfoSec teams broad visibility into their cloud native applications.
8. |
Taking Threat Detection and Response to a New Level |
At MPOWER 2020, we announced McAfee XDR, a complete platform that provides SOCs visibility into how threats are impacting your key business processes, prioritizes response and delivers a full-integrated platform of security technologies. Our AI and Big Data analytics capabilities supplies SOCs with threat and campaign insights before an attack changes course, to avoid wasting time chasing false positives. Defenders get fewer and more meaningful alerts, making it easier to prioritize their response based on the severity and potential impact of a threat.
9. |
Expansions to McAfee’s MVISION Platform |
Continuing on MPOWER’s momentum, we launched MVISION Marketplace, MVISION API and MVISION Developer Portal, allowing customers to quickly and easily integrate McAfee and trusted SIA partner applications as well as privately developed applications within their current security environment. The launch enables security teams to swiftly address security gaps in their architecture and easily improve security posture.
10. |
McAfee Goes Public |
On October 22, 2020, McAfee rang the bell on NASDAQ and officially became a publicly traded company again. It was a momentous occasion for the company and all our dedicated employees and partners. A huge thank you goes out to our employees for their support and invaluable contributions in helping McAfee reach this milestone We’re excited for the future!
Thank you to our wonderful employees, partners and customers for helping us achieve our goals and we look forward to working with everyone in the new year!
The post 2020 Hindsight – Top 10 Highlights from McAfee appeared first on McAfee Blogs.
Over the past 9 months, the world has grappled with the COVID-19 pandemic. We have all felt vulnerable. With borders closed and curfews and lockdowns instituted, things that we can count on, like reliable energy and technology, have become more essential than ever… Especially now that most of us have to conduct work from home, we are grateful for reliable energy as it powers our lights, air, heating, and internet. It is imperative during these critical times that homes—and businesses—run smoothly, without any interruptions from cyberthreats.
Like many businesses during this vulnerable time, a leading North American oil and gas company was already bombarded daily by cyberthreats before Covid-19, but the onset of the pandemic and the transition to thousands of employees working from home only made it a bigger target. Since the start of the pandemic-induced shift to remote work, the company has experienced a much higher volume of campaigns by sophisticated threat actors.
To guard against these bad actors and reduce vulnerability, the company’s security team purchased McAfee’s MVISION EDR after a proof-of-concept bakeoff against two competing products. The McAfee solution’s integration capabilities, attractive pricing, and lack of dependency upon a complex and costly infrastructure placed it far ahead of its endpoint threat detection and response (EDR) competitors. The need to accelerate threat response increased the company’s sense of urgency to implement MVISION EDR.
With help from McAfee technical support experts, the company’s security team completed its roll out of MVISION EDR across 16,000 endpoints within just two weeks. Now that MVISION EDR is deployed, the IT security manager and his team have much greater visibility into threats across all endpoints, including those belonging to employees working from home. This increase in visibility and understanding has helped them quickly identify patient zero and follow the trajectory of an attack to understand its potential impact. With MVISION EDR, they are able to determine every lateral movement that took place and analyze endpoints to determine if they were affected.
With McAfee MVISION EDR, the company’s security team can easily prioritize alerts, quickly grasping which ones need immediate attention and which can wait. In the future they hope to leverage the solution’s artificial intelligence-guided investigations and automate tasks to keep improving threat analysis and threat hunting, all of which will shrink the time-to-response gap even more.
Another benefit for the security team is the ability to use MVISION EDR for inventory tracking; they also can easily check registry settings to monitor system licensing and ensure proper configurations. When they roll out new tools in the environment, for example, they use MVISION EDR to make sure that the systems are working properly and communicating the way they should.
As you find yourself spending all your time at home, remember the critical role your energy company and technology play to provide you comfort in a not so comfortable time. Cybersecurity is complex but to find out how we simplify handling potential threats to our customers, please read the case study. And get your questions answered by tweeting @McAfee_Business.
The post Energy Company Fights Back with MVISION EDR as Covid-19 Increases Threat Campaigns appeared first on McAfee Blogs.
Government and Private Sector organizations are transforming their businesses by embracing DevOps principles, microservice design patterns, and container technologies across on-premises, cloud, and hybrid environments. Container adoption is becoming mainstream to drive digital transformation and business growth and to accelerate product and feature velocity. Companies have moved quickly to embrace cloud native applications and infrastructure to take advantage of cloud provider systems and to align their design decisions with cloud properties of scalability, resilience, and security first architectures. The declarative nature of these systems enables numerous advantages in application development and deployment, like faster development and deployment cycles, quicker bug fixes and patches, and consistent build and monitoring workflows. These streamlined and well controlled design principles in automation pipelines lead to faster feature delivery and drive competitive differentiation.
As more enterprises adapt to cloud-native architectures and embark on multi-cloud strategies, demands are changing usage patterns, processes, and organizational structures. However, the unique methods by which application containers are created, deployed, networked, and operated present unique challenges when designing, implementing, and operating security systems for these environments. They are ephemeral, often too numerous to count, talk to each other across nodes and clusters more than they communicate with the outside endpoints, and they are typically part of fast-moving continuous integration/continuous deployment (CI/CD) pipelines. Additionally, development toolchains and operations ecosystems continue to present new ways to develop and package code, secrets, and environment variables. Unfortunately, this also compounds supply chain risks and presents an ever-increasing attack surface.
Lack of a comprehensive container security strategy or often not knowing where to start can be a challenge to effectively address risks presented in these unique ecosystems. While teams have recognized the need to evolve their security toolchains and processes to embrace automation, it is imperative for them to integrate specific security and compliance checks early into their respective DevOps processes. There are legitimate concerns that persist about misconfigurations and runtime risks in cloud native applications, and still too few organizations have a robust security plan in place.
These complex problem definitions have led to the development of a special publication from National Institute of Standards and Technology (NIST) – NIST SP 800-190 Application Security Container Guide. It provides guidelines for securing container applications and infrastructure components, including sectional review of the fundamentals of containers, key risks presented by core components of application container technologies, countermeasures, threat scenario examples, and actionable information for planning, implementing, operating, and maintaining container technologies.
MVISION Cloud Native Application Protection Platform (CNAPP) is a comprehensive device-to-cloud security platform for visibility and control across SaaS, PaaS, & IaaS platforms. It provides deep coverage on cloud native security controls that can be implemented throughout the entire application lifecycle. By mapping all the applicable risk elements and countermeasures from Sections 3 and 4 of NIST SP 800-190 to capabilities within the platform, we want to provide an architectural point of reference to help customers and industry partners automate compliance and implement security best practices for containerized application workloads. This mapping and a detailed review of platform capabilities aligned with key countermeasures can be referenced here.
As outlined in one of the supporting charts in the whitepaper, CNAPP has capabilities that effectively address all the risk elements described in the NIST special publication guidance.
While the breadth of coverage is critical, it is worth noting that the most effective way to secure containerized applications requires embedding security controls into each phase of the container lifecycle. If we leverage Department of Defense’s Enterprise DevSecOps Reference Design guidance as a point of reference, it describes the DevSecOps lifecycle in terms of nine transition stages comprising of plan, develop, build, test, release, deliver, deploy, operate, and monitor.
The foundational principle of DevSecOps implementations is that the software development lifecycle is not a monolithic linear process. The “big bang” style delivery of the Waterfall SDLC process is replaced with small but more frequent deliveries, so that it is easier to change course as necessary. Each small delivery is accomplished through a fully automated process or semi-automated process with minimal human intervention to accelerate continuous integration and delivery. The DevSecOps lifecycle is adaptable and has many feedback loops for continuous improvement.
Specific to containerized applications and workloads, a more abstract view of a container’s lifecycle spans across three high-level phases of Build, Deploy, and Run.
The “Build” phase centers on what ends up inside the container images in terms of the components and layers that make up an application. Usually created by the developers, security efforts are typically focused on reducing business risk later in the container lifecycle by applying best practices and identifying and eliminating known vulnerabilities early. These assessments can be conducted in an “inner” loop iteratively as developers perform incremental builds and add security linting and automated tests or can be driven via an “outer” feedback loop that’s driven by operational security reviews and penetration testing efforts.
In the “Deploy” phase, developers configure containerized applications for deployment into production. Context grows beyond information about images to include details about configuration options available for orchestrated services. Security efforts in this phase often center around complying with operational best practices, applying least-privilege principles, and identifying misconfigurations to reduce the likelihood and impact of potential compromises.
“Runtime” is broadly classified as a separate phase wherein containers go into production with live data, live users, and exposure to networks that could be internal or external in nature. The primary purpose of implementing security during the runtime phase is to protect running applications as well as the underlying container infrastructure by finding and stopping malicious actors in real time.
By applying this understanding of container lifecycle stages to respective countermeasures that can be implemented and audited upon within MVISION Cloud, CNAPP customers can establish an optimal security posture and achieve synergies of shift left and runtime security models. Security assessments are critically important early in planning and design, where important decisions are made about architecture approach, development tooling and technology platforms and where mistakes or misunderstandings can be dangerous and expensive. As DevOps teams move their workloads into the cloud, security teams will need to implement best practices that apply operations, monitoring and runtime security controls across public, private, and hybrid cloud consumption models.
CNAPP first discovers all the cloud-native components mapped to an application, including hosts, IaaS/PaaS services, containers, and the orchestration context that a container operates within. With the use of native tagging and network flow log analysis, customers can visualize cloud infrastructure interactions including across compute, network, and storage components. Additionally, the platform scans cloud native object and file stores to assess presence of any sensitive data or malware. Depending on the configuration compliance of the underlying resources and data sensitivity, an aggregate risk score is computed per application which provides detailed context for an application owner to understand risks and prioritize mitigation efforts.
As a cloud security posture management platform, CNAPP provides a set of capabilities that ensure that assets comply with industry regulations, best practices, and security policies. This includes proactive scanning for vulnerabilities in container images and VMs and ensuring secure container runtime configurations to prevent non-compliant builds from being pushed to production. The same principles apply to orchestrator configurations to help secure how containers get deployed using CI/CD tools. These baseline checks can be augmented with other policy types to ensure file integrity monitoring and configuration hardening of hosts (e.g., no insecure ports or unnecessary services), which help apply defense-in-depth by minimizing the overall attack surface.
Finally, the platform enforces policy-based immutability on running container instances (and hosts) to help identify process-, service-, and application-level whitelists. By leveraging the declarative nature of containerized workloads, threats can be detected during the runtime phase, including any exposure created as a result of misconfigurations, application package vulnerabilities, and runtime anomalies such as execution of reverse shell or other remote access tools. While segmentation of workloads can be achieved in the build and deploy phases of a workload using posture checks for constructs like namespaces, network policies, and container runtime configurations to limit system calls, the same should also be enforced in the runtime phase to detect and respond to malicious activity in an automated and scalable way. The platform defines baselines and behavioral models that can specially be effective to investigate attempts at network reconnaissance, remote code execution due to zero-day application library and package vulnerabilities, and malware callbacks. Additionally, by mapping these threats and incidents to the MITRE ATT&CK tactics and techniques, it provides a common taxonomy to cloud security teams regardless of the underlying cloud application or an individual component. This helps them extend their processes and security incident runbooks to the cloud, including their ability to remediate security misconfigurations and preemptively address all the container risk categories outlined in NIST 800-190.
The post Securing Containers with NIST 800-190 and MVISION CNAPP appeared first on McAfee Blogs.
Everyone deserves a break after surviving this past year and I cannot think of better way to celebrate than to share some of our greatest accomplishments from 2020.
1. |
January 2020 Gartner Peer Insights VOC Customers’ Choice for CASB |
McAfee was the only vendor to be named the January 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Cloud Access Security Brokers (CASBs). The recognition is based on customer feedback and ratings for McAfee MVISION Cloud, which we believe provides a cloud-native and frictionless way for organizations to consistently protect their data and defend from threats across the spectrum of Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). Everyone at McAfee is extremely proud and honored to be named by customers as a 2020 Gartner Peer Insights Customers’ Choice for CASB.
Disclaimer: Gartner, Gartner Peer Insights ‘Voice of the Customer’: Cloud Access Security Brokers, 13 March 2020
2. |
Coolest Cloud and Coolest Endpoint Security Companies |
CRN, the top news source for solution providers and the IT channel, included McAfee on its Security 100 list and named McAfee one of “The 20 Coolest Cloud Security Companies” and “The 20 Coolest Endpoint Security Companies” of 2020.
3. |
Most Innovative and Scalable Cloud and Endpoint Security Company |
During RSA 2020, Cyber Defense Magazine, the industry’s leading electronic information security magazine, named McAfee the Most Innovative Company in its Cloud Security category for McAfee MVISION Cloud. The magazine also listed McAfee Endpoint Security Most Innovative and McAfee MVISION EDR Most Scalable, both in the Endpoint Security category.
4. |
CASB Category Winner |
Info Security Products Guide, the industry’s leading information security research and advisory guide, named McAfee a winner in the 16th Annual 2020 Info Security PG’s Global Excellence Awards® in its Cloud Access Security Brokers (CASB) category for MVISION Cloud for Container Security.
5. |
2020 Gartner Peer Insights Customers’ Choice VOC for Secure Web Gateways |
We’re thrilled to be named the 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Secure Web Gateways (SWGs) for the second year in a row. The recognition is based on customer feedback and ratings for the McAfee Web Security portfolio which consists of McAfee Web Protection (MWP), McAfee Web Gateway (MWG) and McAfee Web Gateway Cloud Service (MWGCS). We believe this customer recognition validates our commitment to innovate and invest in technology that aims to reduce the cost and complexity of modern cybersecurity. With the McAfee Web Security portfolio, organizations can enforce their internet policy compliance and extend their perimeter security for a borderless IT environment.” said Ash Kulkarni, executive vice president and chief product officer, McAfee.
Disclaimer: Gartner, Gartner Peer Insights ‘Voice of the Customer’: Secure Web Gateways, 09 April 2020
6. |
MVISION Cloud Wins 2020 Fortress Cyber Security Award |
McAfee MVISION Cloud took top honors in the 2020 Fortress Cyber Security Awards in the data protection category for its cloud access security broker (CASB) technology. The industry awards program seeks to highlight, discuss and reward the creative thinking, engineering, people and projects that are taking proactive steps to thwart cybersecurity attacks.
7. |
2020 Gartner Peer Insights ‘Voice of the Customer’ for Both Enterprise DLP and SIEM Solutions Report |
We’re excited to be named a 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Enterprise Data Loss Prevention (DLP) and a 2020 Gartner Peer Insights ‘Voice of the Customer’ Customers’ Choice for Security Information Event Management (SIEM). The Gartner Peer Insights Customers’ Choice Recognition is based on feedback and ratings from end-user professionals who purchase, implement and/or use McAfee’s DLP and SIEM solutions. “We think rigorously validated customer reviews are the true mark of value and quality,” said Anand Ramanathan, vice president of enterprise products, McAfee.
Disclaimer: Gartner, Gartner Peer Insights ‘Voice of the Customer’: Enterprise Data Loss Prevention, 01 July 2020 & Gartner, Gartner Peer Insights ‘Voice of the Customer’: Security Information Event Management, 03 July 2020
8. |
Named to the Diversity Best Practices Inclusion Index |
It’s an honor to be recognized as an inclusive workplace by Diversity Best Practices (DBP), a division of Working Mother Media. McAfee was among the 98 organizations that earned a place on the fourth annual Inclusion Index. McAfee’s efforts to create a more inclusive workplace focus on attracting and hiring diverse talent, cultivating an environment where everyone thrives, and igniting change within our industry and community. Read more about McAfee’s strategy and results in the 2019 Impact Report.
9. |
Named a Leader in 2020 Gartner Magic Quadrant for Cloud Access Security Brokers |
This year, we are positioned as a Leader in the 2020 Gartner “Magic Quadrant for Cloud Access Security Brokers” (CASB) for every one of the four years the quadrant has been published. The report, which evaluates vendors based on their ability to execute and on their completeness of vision, positioned McAfee highest and furthest, respectively, for these attributes in the entire Magic Quadrant. A complimentary copy is available on the McAfee web site.
Disclaimer: Gartner, Magic Quadrant for Cloud Access Security Brokers, Steve Riley, Craig Lawson, 30 October 2020.
10. |
Ken McCray Named One of CRN’s 50 Most Influential Channel Chiefs |
Ken McCray, head of channels sales and operations Americas at McAfee, was named to CRN’s exclusive list of the 50 Most Influential Channel Chiefs for 2020. This annual list recognizes the elite vendor executives who lead, influence, innovate, and disrupt the IT channel. We congratulate McCray for his outstanding commitment, ability to lead, and passion for progress within the channel through our partner programs.
The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliate.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
The post 10 Reasons to Celebrate 2020 appeared first on McAfee Blogs.
Whether you’re working, banking, shopping, or just streaming a few shows online, these quick tips will make sure you’re more secure from hacks, attacks, and prying eyes.
Start with the basics: get strong protection for your computers and laptops. And that means more than basic antivirus. Using a comprehensive suite of security software like McAfee® Total Protection can help defend your entire family from the latest threats and malware, make it safer to browse, help steer you clear of potential fraud, and look out for your privacy too.
Aside from using it for calls and texting, we use our smartphones for plenty of things. We’re sending money with payment apps. We’re doing our banking. And we’re using them as a “universal remote control” to do things like set the alarm, turn our lights on and off, and even see who’s at the front door. Whether you’re an Android owner or iOS owner, get security software installed on your smartphones and tablets so you can protect all the things they access and control.
Get a fresh start with strong, unique passwords for all your accounts using a strong method of password creation. And keep those passwords safe—don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss. Better yet, instead of keeping them on a notebook or on sticky notes, consider using a password manager. It can actually create strong passwords for you, store them as you create them, and automatically use them as you surf, shop, and bank.
Make sure you have the latest software updates for your computers, laptops, phones, tablets, and apps, and internet of things (IoT) devices like camera and alarm systems. Updates are important for two reasons: one, they’ll make sure you’re getting the latest functionality from your app or device; and two, they often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
Hackers love playing the role of imposters to get a hold of sensitive info and account logins—because it’s often so effective. If you get what appears to be a suspicious request from a recruiter, co-worker, vendor, friend, or family member, verify the message with that person directly before opening or responding. Remember that an employer will never request sensitive information such as social security numbers or bank routing numbers over email or text.
When searching, give the results a good look before clicking. Ask yourself if the website you want to click is legitimate—are there any red flags, like a strange URL, an unfamiliar name, a familiar brand name with an unusual addition to it, or a description that simply doesn’t feel right when you read it. If so, don’t click. They could be malware sites. Better yet, use a built-in browser advisor that helps you search and surf safely. It’ll call out any known or suspected bad links clearly before you click.
To ensure that only invited attendees can access your video or audio conference call, make sure your meeting is password protected. For maximum safety, activate passwords for new meetings, instant meetings, personal meetings, and people joining by phone. To keep users (either welcome or unwelcome) from taking control of your screen while you’re video conferencing, select the option to block everyone except the host (you) from screen sharing.
If you receive an email asking to confirm your login credentials or that’s asking for any personal info, go directly to the company’s website or app—even if the email looks legitimate. Phishing attacks are getting more and more sophisticated, meaning that hackers are getting pretty good at making phishing emails look real. Don’t open any attachments or click any links in these emails. Instead, check the status of your account at the site or in your app to determine the legitimacy of the request.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Another line of defense you can use to hamper hackers is a virtual private network (VPN), which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it. If you’re working from home, check with your employer to see if they have a corporate VPN that you can use.
Stay even more secure with these free resources
Find out plenty more about working and schooling from home, health and well-being, in addition to articles on healthcare and dating online too. Drop by McAfee’s Safer Together site for a wealth of free articles and resources.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Top Ten Tips for Protecting Your Identity, Finances, and Security Online appeared first on McAfee Blogs.
eXtended Detection & Response (XDR) has become an industry buzzword promising to take detection and response to new heights and improving security operations effectiveness. Not only are customers and vendors behind this but industry groups like Open Cybersecurity Alliance (OCA) share this same goal and there are some open projects to leverage for this effort.
Let’s start with an understanding of XDR. There is a range of XDR definitions but at the end of day there are core desired capabilities and outcomes.
Benefit: Remove the siloes and reduce complexity. Empower security operations to respond and protect more quickly.
Benefit: Deliver faster and better security outcomes.
This requires security functions to be connected to create a shared data lake of insights and to synchronize detection and response capabilities across the enterprise. The Open Cybersecurity Alliance (OCA) shares this vision to easily bring interoperability between security products and simplify integration across the threat lifecycle. OCA enables this with several open source projects available to the industry.
In order to connect security solutions a consistent and easy to use pathway is needed. Contributed by McAfee OpenDXL Ontology is a common messaging format to enable real time data exchange and allow disparate security functions to coordinate and orchestrate actions. It builds up on other common open standards for message content (OpenC2, STIX, etc.) Vendors and organizations can use the categorized set of messages to perform actions on cybersecurity products and notifications used to signal when significant security-related events occur. There are multiple communications modes, one to one or one to many. In addition, there is a centralized authentication and authorization model between security functions. Some examples include but are not limited to:
Sample code on OCA site demonstrates how to integrate the ontology into existing security products and related solutions. The whole mantra here is to integrate once and be able to share information with all the tools/products that are leveraging OpenDXL Ontology.
OpenDXL is the open initiative from which OpenDXL Ontology was initially derived. The Data Exchange Layer (DXL) technology developed by McAfee is being used by 3000 organizations today and is the transport layer used to share information in near real time. OpenDXL technology is also the foundation to McAfee’s MVISION Marketplace where organizations may easily compose their security actions and fulfill the XDR promise of working together.
One who has followed DXL may ask what makes OpenDXL onotology different from DXL. DXL is communication bus. OpenDXL ontology is the common language to enable easy and consistent sharing and collaboration between many different tools on the DXL pathway.
To optimize threat intelligence between security tools easier, one needs to homogenize the data so it may be easily read and analyzed. Contributed by IBM, STIX -Shifter is an open-source Python patterning library to normalize data across domains. Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI). Many organizations have adopted STIX to make better sense of cyber threat intelligence.
STIX enables organizations to share CTI with one another in a consistent and machine-readable manner represented with objects and relationships stored in JavaScript Object Notation (JSON). STIX-Shifter uses STIX Patterning to return results as STIX Observations. This allows security communities to better understand what computer-based attacks they are most likely to see, anticipate and/or respond to those attacks faster and more effectively. What is unique is STIX-Shifter’s ability to search for all three data types—network, file, and log. This allows you to create complex queries and analytics across many domains like Security Information and Event Management (SIEM), endpoint, network and file levels.
STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more. Here is a great Introduction to STIX-Shifter video (just under 7 minutes) to watch.
Security Content Automation Protocol Version 2 (SCAP v2) is a data collection architecture to allow continuous real time monitoring for configuration compliance and to detect the presence of vulnerable versions of software on cyber assets. It offers transport protocols to enable secure interoperable communication of security automation information allowing more active responses to the security postures changes as they occur. SCAP v2 was derived from the National Institute of Standards Technology (NIST.)
To fully realize the benefits of an evolving XDR strategy, enterprises must ensure the platform they select is built atop an open and flexible architecture with a broad ecosystem of integrated security vendors. McAfee’s innovation and leadership in the Open Cybersecurity Alliance provides customers the confidence that as their security environment evolves, so too will their ability to effectively integrate all relevant technologies, the telemetry they generate and the security outcomes they provide.
If your organization aspires to XDR, the OCA projects bring the technologies to help unite your security functions. Many vendors are leveraging the OCA in their XDR ecosystems. Leverage the projects and join OCA if you want to influence and contribute to open security working together with ease.
The post How OCA Empowers Your XDR Journey appeared first on McAfee Blogs.
Part I of II
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch. Use of a Compromised Software Supply Chain (T1195.002) as an Initial Access technique is particularly critical as it can go undetected for a long period. FireEye released countermeasures that can identify the SUNBURST malware.
If you are using SolarWinds software, please refer to the company’s guidance here to check for vulnerable versions and patch information. McAfee has evaluated the published countermeasures and will continue to analyze further attack indicators. It’s important to note that this was a very sophisticated attack and customers are advised to assess their overall security architecture capability to either prevent, detect or respond to an APT threat. This attack reminds us that in today’s digital enterprise the supply chain includes many diverse elements including but not limited to critical equipment and hardware, cloud software and infrastructure as a service provider and critical IT software. Customers are advised to assess both intellectual property protection and supply chain integrity strategies. Part one of this blog series details initial McAfee defensive guidance and response actions. Part two will describe additional mitigation and solution recommendations.
For the latest information on McAfee see KB93861and subscribe to receive updates. Below is protection summary to date for the known backdoor indicators
McAfee Labs will continue analysis for any known indicators associated with this attack and update product protection accordingly. Furthermore, analysis is underway to analyse the behavioural components of the campaign and ensure product efficacy considers protection beyond static measures such as signatures.
MVISION Insights is tracking the campaign as SolarWinds Supply Chain Attack Affecting Multiple Global Victims with SUNBURST Backdoor. Customers can view the public version of MVISION Insights for the latest attack details, prevalence, techniques used and indicators of compromise.
Insights provides the indicators used by SUNBURST. The indicators will continue to update based on automated collection and human analysis. You can use the indicators to hunt on your network. Note: This will be updated as new indicators are verified.
Insights outlines the MITRE Att&ck techniques used by SUNBURST. You can use MITRE Att&ck framework to asses defensive capability across your security architecture.
One of the first initial response actions should be to hunt for known indicators of the attack. You can use MVISION EDR or MAR to search endpoints for SUNBURST backdoor indicators as provided by Microsoft and FireEye. See the search syntax below. If you are licensed for MVISION Insights this query will take place automatically. Additional defensive guidance will be published in an upcoming blog.
Begin MVEDR Query Syntax…
Files name, full_name, md5, sha256, created_at, create_user_name, create_user_domain and HostInfo hostname, ip_address, os and LoggedInUsers username, userdomain where Files sha256 equals “ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c” or Files sha256 equals “c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77” or Files sha256 equals “eb6fab5a2964c5817fb239a7a5079cabca0a00464fb3e07155f28b0a57a2c0ed” or Files sha256 equals “dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b” or Files sha256 equals “32519685c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77” or Files sha256 equals “d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600” or Files sha256 equals “53f8dfc65169ccda021b72a62e0c22a4db7c4077f002fa742717d41b3c40f2c7” or Files sha256 equals “019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134” or Files sha256 equals “ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6” or Files sha256 equals “32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77” or Files sha256 equals “292327e5c94afa352cc5a02ca273df543f2020d0e76368ff96c84f4e90778712” or Files sha256 equals “c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71”
…End MVEDR Query Syntax
You should also search McAfee Web Gateway logs (or other network and SIEM logs) for communication to command and control domains or IP addresses, particularly those categorized as “Malicious Sites” below. Continue to check MVISION Insights for new domains and URLs.
It’s important to note that ongoing analysis will be critical to understand how the attackers will adapt and what additional mitigation is required. This will be a continuous process and we expect to add multiple updates to KB93861. Additionally, customers should follow McAfee Labs posts, check Insights Public Dashboard for latest threat intelligence, and continually check the Knowledge Center for latest product guidance. Part two of this blog will cover defensive capabilities and controls in more depth.
Every week Insights Preview highlights the top emerging threats and campaigns based on ATR Operational Intelligence collection and analysis.
Follow the latest COVID Threat statistics on the public Atlas Dashboard. For more information about how a customer can utilize Atlas and Intelligence as a Service from APG, speak to your McAfee Account Manager for a Threat Intel Briefing and Workshop.
McAfee Labs and Advanced Threat Research teams produce regular research reports with the latest threat intelligence statistics and trends. Please share the reports with customers.
Review and Share our external blogs that feature deeper malware analysis and explanations on emerging threats and attack campaigns.
The post SUNBURST Malware and SolarWinds Supply Chain Compromise appeared first on McAfee Blogs.
Every few weeks, there seems to be breaking news about large-scale data breaches that affect millions – but what about the lesser-known threats that lurk quietly in the shadows? Oftentimes, these are the scams that could wreak havoc on our day-to-day digital lives.
Adrozek malware is just that: a new strain that affects web browsers, stealthily stealing credentials through “drive-by downloads,” or a download that happens without your knowledge.
Let’s unpack how this malware works, who it targets, and what we can do to protect our browsers from this sneaky threat.
According to Threatpost, Adrozek is infecting several web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Yandex) on Windows machines with the help of a browser modifier that hijacks search results. To find its way onto our devices, the malware uses “drive-by downloads” once you load one of its several malicious web pages. In fact, a huge, global infrastructure supports Adrozek – one that is made up of 159 unique domain names, each hosting an average of 17,300 unique URLs, which in turn hosts more than 15,300 unique malware samples.
Once it makes its way onto your machine, the malware changes the device’s browser settings to allow Adrozek to insert fake ads over real ones. If you do happen to click on one of these fraudulent ads, the scammers behind this threat earn affiliate advertising dollars for each user they deceive. This not only takes money away from advertisers who are unaware that malware is increasing their traffic, but it also pays cybercriminals for their crimes. What’s more, the malware extracts data from the infected device and sends it to a remote server for future exploitation. In some cases, it even steals saved passwords from Firefox. These features allow the cybercriminals behind Adrozek to capitalize on the initial threat by collecting data that could be used against everyday users like you and me when we least expect it.
Aside from being supported by a vast infrastructure, Adrozek is powerful for another reason: it’s difficult to spot. Adrozek is a type of polymorphic malware, or malware that is programmed to constantly shift and change its code to avoid detection. As a result, it can be tricky to find and root out once it’s infected your browser.
To help protect your devices from falling victim to the latest theats, follow these tips to help protect your online security:
Software developers are actively working to identify and address security issues. Frequently update your browsers, operating systems, and apps so that they have the latest fixes and security protections.
Because Adrozek actively steals saved passwords from Firefox, it’s crucial to practice good password hygiene. When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials.
You can typically get rid of browser-hijacking malware by resetting the browser. But because Adrozek will hide itself on your device, extra measures should be taken to get rid of it. If you suspect that Adrozek may have found its way onto your device, delete your browsers, run a malware scan, and reboot your device. Run the malware scan a second time and reinstall your browsers.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Adrozek Malware is Wreaking Havoc on Web Browsers: How to Stay Protected appeared first on McAfee Blogs.
Every day, new apps are developed to solve problems and create efficiency in individuals’ lives. Employees are continually experimenting with new apps to enhance productivity and simplify complex matters. When in a pinch, using DropBox to share large files or an online PDF editor for quick modifications are commonalities among employees. However, these apps, although useful, may not be sanctioned or observable by an IT department. The rapid adoption of this process, while bringing the benefit of increased productivity and agility, also raises the ‘shadow IT problem’ where IT has little to no visibility into the cloud services that employees are using or the risk associated with these services. Without visibility, it becomes very difficult for IT to manage both cost expenditure and risk in the cloud. Per the McAfee Cloud Adoption and Risk report, the average enterprise today uses 1950 cloud services, of which less than 10% are enterprise ready. To divert a data breach (with the average cost of a data breach in the US being $7.9 million), enterprises must exercise governance and control over their unsanctioned cloud usage. Does this sound all too familiar? It’s because these are many of the issues we face with Shadow IT, and are facing today regarding a similar security risk with connected apps.
What are Connected Apps? Collaboration platforms such as Office 365 enable teams and end-users to install and connect third-party apps or create their own custom apps to help solve new and existing business problems. For example, Microsoft hosts the Microsoft Store, where end-users can browse through thousands of apps and install them into their company’s Office 365 environment. These apps help augment native Microsoft office capabilities and help increase end–user productivity. Some examples include WebEx to set up meetings from Outlook or a Survey Monkey add-in to initiate surveys from Microsoft Teams. When these apps are added, they will often ask the end–user to authorize access to their Cloud app resources. This could be data stored in the app, like in SharePoint, or calendar information or email content. Authorizing access to third party apps creates concerns for many organizations.
What if the app itself is risky? For example, PDF converter apps ask for access to all data so they can generate PDF versions for sharing. Corporate data is moving out of the corporate cloud app into these risky applications. Or, even if the app is not risky, it may be accessing cloud resources such as mail, drive, calendar, which contain data considered highly sensitive by the company. For example, the Evernote app for Outlook can be used for saving email data. Now, the app itself is not risky, but the company may not have approved it for employees to use. If that is the case, an introduction of apps in this manner represents a data exfiltration of corporate data.
Connected Apps establishes a cloud-to-cloud connection with your sanctioned cloud services that is not visible to existing network policies and controls. So, if a company has put in place controls on the web gateway or firewall to block unauthorized file sharing services, then it is still possible for employees to add the connected app from the marketplace and bypass these existing controls. Even the API based DLP policies do not apply to data moving into Connected Apps. All of this means that organizations need to exercise more oversight and control on the usage of Connected apps by their employees.
The Shared Responsibility model applies to Connected Apps as well. Cloud services like Google and Microsoft provide a marketplace for customers to add apps, but they expect the companies to take responsibility for their data and users and ensure that the usage of these connected apps is in line with security and compliance policies.
MVISION Cloud provides comprehensive security solutions through visibility, control, and the ability to troubleshoot into third-party applications connected to sanctioned cloud services, such as these marketplace apps. With a database of over 30,000 cloud services, MVISION Cloud provides comprehensive and up to date information on Connected Apps plugged into corporate cloud services such as Microsoft 365 and G Suite. Customers can use this visibility to apply controls to block, allow, or selectively allow apps for some users. As large users deploy Connected Apps to their hundreds of thousands of users, MVISION Cloud also provides troubleshooting tools to track activities and add notes to allow for quick diagnosis and resolution of Support issues. To learn more, see the brief video below provides a deeper look into securing connected apps with MVISION Cloud.
The post 3 Reasons Why Connected Apps are Critical to Enterprise Security appeared first on McAfee Blogs.
There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of additional persistence measures. Our analysis into the backdoor reveals that the level of access lends itself to the assumption that additional persistence mechanisms could have been established and some inferences regarding the intent from adversaries;
Although this analysis will focus on the premise that the backdoor supports the feasibility of establishing additional persistence methods we recognize the importance of providing assurance regarding coverage against available indicators. To that end the following resources are available:
Additional resources will become available as analysis both conducted by McAfee researchers, and the wider community becomes available.
There exists excellent analysis from many of our industry peers into the SUNBURST trojan, and the intention here is not to duplicate findings but to provide analysis we have not seen previously covered. The purpose is to enable potential victims to better understand the capabilities of the campaign in an effort to consider the possibility that there are additional persistence mechanisms.
For the purposes of this analysis our focus centered upon the file “SolarWinds.Orion.Core.BusinessLayer.dll“, this particular file, as the name suggests, is associated with the SolarWinds ORION software suite and was modified with a class added containing the backdoor “SunBurst”.
A deeper dive into the backdoor reveals that the initial call is to the added class “OrionImprovementBusinessLayer” which has the following functions:
The class starts with a check to see if the module is running and, if not, it will start the service and thereafter initiate a period of dormancy.
As was detailed by FireEye, this period of sleep can range from minutes up to two weeks. The actual time period of dormancy is dependent on the checks that must be passed from the code, like hash of the Orion process, write-times of files, process running etc. A sleep period of this length of time is unusual and speaks to a very patient adversary.
The most important strings inside the backdoors are encoded with the DeflateStream Class of the .NET’s Compression library together with the base64 encoder. By examining the block-list, we discover findings that warrant further inspection. First entries are the local-IP address ranges and netmasks:
Followed by the IPv6 local addresses equivalents:
fc00::,fe00::, fec0::,ffc0::,ff00::,ff00::
Next, there is a list of IP-addresses and their associated subnetmasks. We executed a whois on those IP-addressees to get an idea of whom they might belong to. There is no indication as to the reason that the following IPs have been inserted into the blocklist, although the netmasks implemented in certain entries are ‘quite’ specific, therefore we have to assume the attackers were intentional in their desire to avoid certain targets.
Assuming that the victim is not within the block list, the sample will then proceed to create the named pipe 583da945-62af-10e8-4902-a8f205c72b2e. This is done to ensure that only one instance of the backdoor is running. We were able to verify this through replication we carried out within our own environment.
When we ran the backdoor, we were able to confirm that this value is hardcoded in the code, and once the dormancy period passed the service is started and named pipe is created. At this point, the backdoor will also create a unique UserID MD5 value for the system it is installed on as depicted within figure 5.
This particular routine will initially read the Device-info of the system but ignore the loopback interfaces (part of the code of the ReadDeviceInfo routine that mentions “Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true” ). The Device-info will then be combined with the domain name, followed by a value from the registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography). This information is then used to create an MD5 value of that string.
The module will start the ‘update’ routine. This routine is a continuous loop designed for verification against, for example, unwanted services that could potentially be used against detection of the backdoor as depicted in figure 6.
The backdoor gathers information from the system. The following information is gathered by a routine called “CollectSystemDescription”, some examples include;
There exists other subroutines to collect additional data, for example enumerating the information from the network-adaptors, the backdoor uses the GetNetworkAdapterConfiguration routine. The routine is gathering the following information:
In order to check if certain ‘unwanted’ services are running, the backdoor enumerates the services, creates a hashlist and compares them with a hard-coded set of these values. The ‘update’ routine will exit once a ‘block-listed’ process id discovered. The backdoor will attempt to stop these services by entering a value in the registry for that service that will disable that service. The update routine will check again and continue this process until all unwanted processes are disabled.
Another capability of the backdoor is to start/stop tasks:
Other functionalities we observed in the code are:
An interesting observation was the check for the presence of SolarWinds’ Improvement Client executable and it’s version “3.0.0.382”.
The ImprovementClient is a program that can collect the following information (source SolarWinds) :
Another observation of the http routine was the search for certain keywords in the http-traffic that might indicate the adversary was looking into details/access of cloud and/or wireless networks of their victims by using the SolarWinds’ modules that are installed to monitor/administer these kinds of instances. Managing the network using SolarWinds’ Orion is executed by using a browser and localhost that is hosting the webserver. Reading out the certificate values and search for these keywords in the http-traffic would have gained this information.
After all checks and routines have passed, the backdoor will use a domain generating algorithm (hereafter DGA) to generate a domain. Example of the part of the DGA code:
When the domain is successfully reached, the routine called ‘Update’ contains a part that will act on this and start a new thread firing off the routine “HttpHelper.Initialize”. In the below screenshot we can observe that flow:
The code shows that when the dnsrecord equals the domain and can be reached, the new thread will start in the background.
The ‘HttpHelper’ class/routine is responsible for all the C2 communications:
Even if a victim is using a Proxy-server with username and password, the backdoor is capable of retrieving that information and using it to build up the connection towards the C2. It then uses a routine called “IWebProxy GetWebProxy” for that:
The DGA-generated C2s are subdomains of: avsvmcloud[.]com.
An example of how these domains would look:
Inspecting the CNAME’s from the DGA-generated C2’s we observed the following domain-names:
In the forementioned HTTP handler code, we discovered paths that might be installed on the C2’s for different functions:
Once the backdoor is connected, depending on the objectives from the adversaries, multiple actions can be executed including the usage of multiple payloads that can be injected into memory. At the time of writing, details regarding the ‘killswitch’ against the above domain will prevent this particular backdoor from being operational, however for the purpose of this analysis it demonstrates the level of access afforded to attackers. While the efforts to sinkhole the domain are to be applauded, organisations that have been able to identify indicators of SUNBURST within their environment are strongly encouraged to carry out additional measures to provide themselves assurances that further persistent mechanisms have not been deployed.
The post Additional Analysis into the SUNBURST Backdoor appeared first on McAfee Blogs.
Even the best psychics, science fiction and horror writers could not have predicted or written 2020.
It’s been quite the year. I am thankful that it’s almost over.
The COVID-19 Coronavirus started a global lockdown that sent millions of people to work from home, or wherever they could shelter in place. Personally, working at home didn’t seem like a bad option at the time. But after 8 months, sheltering in place, working from home, and sharing your Internet bandwidth with three others who also need real-time audio and video can be exhausting.
Professionally, it’s another story. It’s hard to understate the magnitude of the change. It was as if someone flipped a switch. One day, most of McAfee’s 7,000+ employees could be found working in McAfee offices. The next day, we had 7,000 “offices” of one person each. They were now voices heard on a phone, logging in from remote locations.
Whereas previously just 2% of workers were remote full time globally, by April 2020, 42% of the workforce was remote according to Stanford University economics professor Nicholas Bloom. By late August, the number of workers at home dropped to 35%. That said, once the pandemic ends, about 55% of employers surveyed by PWC said they expected staff to work from home at least one day a week. And more than 80% of employees said they supported that idea. In fact, Facebook, Microsoft and Twitter have all said remote work would be a permanent option.
Most organizations have found a way to make do with existing infrastructure. Since we’re apparently in it for the long-haul, it’s time to go back and verify that all appropriate security protections are in place. Because – let’s face it – in many organizations, security during this transition had to be prioritized behind keeping the business running. Cyber hygiene had to wait while organizations worldwide raced to the cloud in order to get their teams online and productive again.
Cybercriminals know home networks are often less secure and have leaped at the opportunity to find new and easier ways to access data and systems. In fact, McAfee’s Advanced Threat Research team observed a 630% increase in external attacks on cloud accounts with the greatest concentration on collaboration services (CARR). And, during Q2 of 2020, McAfee’s global network of more than a billion sensors registered a 605% increase in total COVID-19-themed threat detections.
For a security company like McAfee, the pandemic is an opportunity to share some lessons to help protect your people and data without getting in your teams’ way. It will not surprise you to learn we primarily run our own products and relied on them heavily for our WFH transition. I will be touting some of the benefits of our products in this article.
1. Maximize Visibility and Control
For many companies, the rapid transition resulted in less visibility and control than when everyone was in the office behind a web gateway. With WFH, visibility and control across the entire organization – cloud, web as well as both managed and unmanaged devices is imperative.
McAfee MVISION Complete, part of our new Device-to-Cloud suites, provides this visibility and control across endpoint, web and cloud. The solution unifies MVISION Insights, Endpoint, cloud access security broker (CASB), data loss prevention (DLP), cloud-based Secure Web Gateway (SWG) and (soon) remote browser isolation technologies to deliver comprehensive device-to-cloud protection. It enables us to:
2. Run an Effective Threat Management Program
Threat Intelligence programs are designed to answer questions such as:
Questions like these are called Intelligence Requirements, and some threat management programs flounder because they focus on answering the first two questions. Others struggle because they don’t have the resources to answer the last two in a good way. It takes substantial time to walk through indicators of compromise (IOCs) and determine whether you have coverage on your endpoints, your IPS, your Web Gateway, etc. It can take longer to update coverage. Having 95% coverage can sound like a lot, but advanced actors always seem to be able to locate the unprotected 5%.
3. Plan for Increased Threats to Home Workers
WFH has put a premium on making sure employees can depend on the same level of security they received in the office. In a post-pandemic future where WFH continues to be prevalent, cyber adversaries will focus their innovation on WFH users. To get ahead of this trend, we must find ways to increase our protections for WFH users.
4. Future-Proof … with the Right Protections
Enterprise security teams should plan for the likelihood that some of their employees working from home are going to get breached. It may be a compromised computer. It may be a connected IOT device. People will do the wrong thing, so it is important here to mitigate risk.
The technical measures listed earlier are a good start. In addition, you’ll need to make sure WFH users are patched as aggressively as they were when on-site. And, that you have a process for following up with the last 5% who are out of office during patch installation, or who power down their laptop during installation. You’ll also need vulnerability scanning agents installed on user workstations.
Finally, I see a renewed move back to centralizing the data to limit the endpoint exposure.
5. Education Never Ends
There’s no getting around it. People are both a company’s biggest asset … and also a company’s biggest security liability. Many employees are still prone to making silly security mistakes by ignoring best practices. So, any WFH security approach ought to feature a big education component. Spend more time with employees to educate and inform how to improve their security practices. What’s practical guidance for employees? There’s no one-size-fits all but the best advice I can offer is to be realistic. Don’t send out a detailed, 20-page paper on wireless security and expect miracles. The message needs to be brief, clear and simple.
I’d love to hear what you’re doing to secure your distributed teams… leave comments below.
The post Finding the Success Among the Pandemonium that is 2020 appeared first on McAfee Blogs.
Like many of you, I spent a lot of time at home this year, but it came with an unexpected upside: an excuse to upgrade all my home tech! With so many great new products on the market, from 5G devices to smart TVs, cameras, and more, there’s a lot to choose from this holiday season, and into the New Year.
In fact, the smart home market is set to grow by nearly 12% over the next five years, to $135 billion, so I’m sure even more devices are coming. But for now, here are the devices on my wish list, and how to protect them once they’re unboxed.
Smart Thermostats—These have been around for a while, but the newest additions include features that keep your home comfortable, and eco-friendly, by giving you greater control over your energy use. Some thermostats can detect your habits, and heat or cool different areas of your home, depending on which rooms you are using. And others now connect to smart speakers, allowing you to stream your favorite music and podcasts, or receive calendar alerts.
Bluetooth Speakers—Speaking of high-tech speakers, this category has taken off in recent years, but now there are more options for different types of users. While some people like the voice command features that turn their speakers into personal assistants, other users just want portable speakers with great sound quality and a sleek style. Now you can find a variety of different designs, sizes, and price points.
Smart TVs—With the explosion of streaming content services, and the demand for more in-home entertainment during the pandemic, smart TVs have become a must-have item for many. The latest offer 4K streaming video, which gives you higher resolution, although you need to stream 4K content to get the benefit. It may be worth the investment for other new features, however, such as a faster user interface, and a built-in universal search engine that will allow you to easily locate a favorite movie, actor, or genre.
IP Cameras— Internet-connected cameras can be an affordable security option, and the latest versions offer extra surveillance with wide-angle lenses, night vision, and wireless options for outdoors. Some cameras even do motion tracking, and offer facial recognition, in case you want to know right away if the person on your property is a known entity or a stranger. Just keep in mind that to get the advanced features you usually need to sign up for a subscription service as well.
Gaming Router—As the father of two school-aged children, I know a lot of parents are wary of online gaming, but here’s why a gaming router may be a great gift, even if there are no hardcore gamers in the house. These routers aim to give you a more reliable internet connection, while allowing multiple devices to simultaneously receive data streams, which could be a game changer if your whole family is trying to work and learn online from home.
Some routers even offer Wi-Fi 6, which is a huge jump in potential speed to 9.6 Gbps from the current 3.5 Gbps. This also means that all the devices connected to your network could see a significant speed increase, but only if you have devices that can take advantage of it.
Here are a few more great holiday gifts ideas:
While the best smart home devices can certainly make your home more convenient, safe, and fun, they do open the door to some risk. You may have read about IP cameras being hacked, or other ways in which home networks are vulnerable to attacks. This is because most Internet of Things (IoT) devices come with little built-in security, making them an easy target for hackers.
Here’s how to secure both your network and your devices so you can enjoy them without worry.
By taking these precautions as soon as you unwrap your smart home devices, you’re setting yourself up for a fun, and safe, tech-filled New Year.
The post Best Smart Home Devices for a Connected New Year appeared first on McAfee Blogs.
Organizations across the country – from the private sector to the federal government – have become more digital, especially following the shift to remote work this year. It’s no surprise that cybercriminals around the world have taken notice. According to a new report by McAfee and the Center for Strategic and International Studies (CSIS), cybercrime is now a nearly trillion-dollar industry, and the government sector is not immune.
Across the board, the issue continues to rise – increasing the cost of cybercrime by nearly 50% since our last report in 2018. The threats to the government from cybercriminals are even greater, leading to potential national security risks as dark actors look to steal U.S. secrets and intellectual property.
All levels of government – from state and local to the federal government here in Washington – are taking steps to mitigate the issues, but they must do so differently than their private sector counterparts. Government respondents to the survey reported the highest number of malicious attacks, highlighting the high-stakes environment in which governments operate.
Unfortunately, the report also found that while government organizations face more attacks than their private-sector counterparts, they also take longer to remediate them, leaving our government services, infrastructure, and other critical aspects of society at risk for longer than they need.
Earlier this week, McAfee’s CTO Steve Grobman joined CSIS for a conversation on the report and how we can continue to prepare for and mitigate the risk of cybercrime and its hidden costs with CSIS’ Jim Lewis and Zhanna Malekos Smith, former Federal CISO Grant Schneider and the FBI’s Jonathan Holmes.
Kicking off the discussion, Schneider highlighted the importance of the workforce and the need to take care of them so organizations can quickly rebound from an incident. Schneider noted that if an office were robbed, no one would blame the team, but with cybercrime, victims are often seen as the issue – leading to reduced employee morale and more issues later down the line.
Instead, Schneider argued on the importance of preparing the workforce and that preparation can take several forms, including risk management through NIST’s risk management framework. He also called for organizations to develop a recovery plan, engaging different departments, leadership and the public to be ready for when an incident occurs.
In his discussion of the report’s findings, McAfee CTO Steve Grobman noted they weren’t shocking. Grobman said that as we adopt new technologies, adversaries will continue to find new attack vectors.
This year was particularly notable as much of the federal government transitioned to a remote work environment overnight. As the workforce went remote – critical government information was accessed from home internet routers that lacked the same level of security as government office networks, increasing adversaries’ ability to successfully launch attacks.
Luckily, as Grobman noted, there are ways lawmakers can mitigate the threat of ransomware against government and the private sector.
Across the country, governments are facing ransomware attacks at an alarming rate, and every one of them – at every level – needs to have a plan in place. There needs to be a data-based discussion with leadership to decide how to balance the daily blocking and tackling of threats with limited complication to the continuation of operations and preparation for big intrusions like we’ve seen happen this year.
There are also policy solutions – many of these criminal groups operate in countries that allow them to do so. When negotiating trade deals with countries, the level of cybercrime and the government’s cooperation with or against those groups must be considered.
The cost of cybercrime is now nearly 1% of the global GDP, and it will only continue to rise, impacting companies and governments around the world unless we come together to stop it through basic cyber hygiene, preparation and policy solutions.
The post The Hidden Costs of Cybercrime on Government appeared first on McAfee Blogs.
Last month, I discussed the FedRAMP program’s basics and why it’s such a big deal for the federal government. In short, the program protects the data of U.S. citizens in the cloud and promotes the adoption of secure cloud services across the government with a standardized approach.
But within the FedRAMP program, there are different authorizations. We’re pleased that McAfee MVISION for Endpoint Access recently achieved FedRAMP Moderate Authorization, which allows users from federal agencies, state and local government, and other industries in regulated environments to manage Controlled Unclassified Information (CUI) such as personally identifiable information (PII) and routine covered defense information (CDI).
As organizations across the country continue to adapt to a remote workforce, the U.S. government is “in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape,” Alex Chapin, our VP of DoD and Intelligence notes.
And he’s right – with the 2021 federal fiscal year in full focus, federal agencies are continuing to push cloud computing as the COVID-19 pandemic continues, creating a real need for security in these applications.
The FedRAMP Moderate designation allows MVISION to provide the command and control cyber defense capabilities government environments need to enable on-premises and remote security teams, allowing them to maximize time and resources, enhance security efficiency and boost resiliency.
This is a massive win for the federal government as it continues to build out its remote workforce capabilities at a time when the GAO is continuing to release best practices for telework, highlighting how remote work is here to stay in the federal government.
MVISION Cloud is currently in use by ten federal agencies, including the Department of Energy (DOE), Department of Health and Human Services (HHS), Department of Homeland Security (DHS), Food and Drug Administration (FDA) and National Aeronautics and Space Administration (NASA).
At McAfee, we are dedicated to ensuring our cloud services are compliant with FedRAMP standards to help the federal government secure its digital infrastructure and prepare for an increasingly digital operation. We look forward to working closely with the FedRAMP program and other cloud providers dedicated to authorizing cloud service offerings with FedRAMP.
The post McAfee MVISION for Endpoint is FedRAMP Moderate As Federal Cloud Usage Continues to Rise appeared first on McAfee Blogs.
This week, we announced the latest release of MVISION Unified Cloud Edge, which included a number of great data protection enhancements. With working patterns and data workflows dramatically changed in 2020, this release couldn’t be more timely.
According to a report by Gartner earlier in 2020, 88% of organizations have encouraged or required employees to work from home. And a report from PwC found that, corporations have termed the remote work effort in 2020, by and large, a success. Many executives are reconfiguring office layouts to cut capacity by half or more, indicating that remote work is here to stay as a part of work life even after we come out of the restrictions placed on us by the pandemic.
Security teams, scrambling to keep pace with the work from home changes, are grappling with multiple challenges, a key one being how to protect corporate data from exfiltration and maintain compliance in this new work from home paradigm. Employees are working in less secure environments and using multiple applications and communication tools that may not have been permitted within the corporate environment. What if they upload sensitive corporate data to a less than secure cloud service? What if employees use their personal devices to download company email content or Salesforce contacts?
McAfee’s Unified Cloud Edge provides enterprises with comprehensive data and threat protection by bringing together its flagship secure web gateway, CASB, and endpoint DLP offerings into a single integrated Secure Access Service Edge (SASE) solution. The unified security solution offered by UCE features unified data classification and incident management across the network, sanctioned and unsanctioned (Shadow IT) cloud applications, web traffic, and endpoints, thereby covering multiple key exfiltration vectors.
According to a recent McAfee report, 91% of cloud services do not encrypt data at rest and 87% of cloud services do not delete data upon account termination, allowing the cloud service to own customer data in perpetuity. McAfee UCE detects the usage of risky cloud services using over 75 security attributes and enforces policies, such blocking all services with a risk score over 7, which helps prevent exfiltration of data into high risk cloud services.
Some cloud services, especially the high risk ones, can be blocked. But there are others which may not be fully sanctioned by IT, but fulfill a business need or improve productivity and thus may have to be allowed. To protect data while enabling these services, security teams can enforce partial controls, such as allowing users to download data from these services but blocking uploads. This way, employees remain productive while company data remains protected.
Digital transformation and cloud-first initiatives have led to significant amounts of data moving to cloud data stores such as Office 365 and G Suite. So, companies are comfortable with sensitive corporate data living in these data stores but are worried about it being exfiltrated to unauthorized users. For example, a file in OneDrive can be shared with an unauthorized external user, or a user can download data from a corporate SharePoint account and then upload it to a personal OneDrive account. MVISION Cloud customers commonly apply collaboration controls to block unauthorized third party sharing and use inline controls like Tenant Restrictions to ensure employees always login with their corporate accounts and not with their personal accounts.
An important consideration for all security teams, especially given most employees are now working from home, is the plethora of unmanaged devices such as storage drives, printers, and peripherals that data can be exfiltrated into. In addition, services that enable remote working, like Zoom, WebEx, and Dropbox, have desktop apps that enable file sharing and syncing actions that cannot be controlled by network policies because of web socket or certificate pinning considerations. The ability to enforce data protection policies on endpoint devices becomes crucial to protect against data leakage to unauthorized devices and maintain compliance in a WFH world.
Outbound email is one of the critical vectors for data loss. The ability to extend and enforce DLP policies to email is an important consideration for security teams. Many enterprises choose to apply inline email controls, while some choose to use the off-band method, which surfaces policy violations in a monitoring mode only.
Using point security solutions for data protection raises multiple challenges. Managing policy workflows in multiple consoles, rewriting policies, and aligning incident information in multiple security products result in operational overhead and coordination challenges that slow down the teams involved and hurt the company’s ability to respond to a security incident. UCE brings web, CASB, and endpoint DLP into a converged offering for data protection. By providing a unified experience, UCE increases consistency and efficiencies for security teams in multiple ways.
A single set of classifications can be reused across different McAfee platforms, including ePO, MVISION Cloud, and Unified Cloud Edge. For example, if a classification is implemented to identify Brazilian driver’s license information to apply DLP policies on endpoint devices, the same classification can be applied in DLP policies on collaboration policies in Office 365 or outgoing emails in Exchange Online. Alternatively, if the endpoint and cloud were secured by two separate products, it would require creating disparate classifications and policies on both platforms and then ensuring the 2 policies have the same underlying regex rules to keep policy violations consistent. This increases operational complexity and overhead for security teams.
Customers using MVISION Cloud have a unified view of cloud, web, and endpoint DLP incidents in a single unified console. This can be extremely helpful in scenarios where a single exfiltration act by an employee is spread across multiple vectors. For example, an employee attempts to share a company document with his personal email address, and then tries to upload it to a shadow service like WeTransfer. When both these attempts don’t work, he uses a USB drive to copy the document from his office laptop. Each of these fires an incident, but when we present a consolidated view of these incidents based on the file, your admins have a unique perspective and possibly a different remediation action as opposed to trying to parse these incidents from separate solutions.
McAfee data protection platforms provide customers with a consistent experience in creating a DLP policy, whether it is securing sanctioned cloud services, protecting against malware, or preventing data exfiltration to shadow cloud services. Having a familiar workflow makes it easy for multiple teams to create and manage policies and remediate incidents.
As the report from PwC states, the work from home paradigm is likely not going away anytime soon. As enterprises prepare for the new normal, a solution like Unified Cloud Edge enables the security transformation they need to gain success in a remote world.
The post Finally, True Unified Multi-Vector Data Protection in a Cloud World appeared first on McAfee Blogs.
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SoalrWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that communicates to third-party servers for command and control and malicious file transfer giving the attacker a foothold on the affected system with elevated privileges. From there, additional actions on the objective, such as lateral movement and data exfiltration, are possible. Since release of the initial blog from FireEye, subsequent additional analysis by McAfee and the industry as well as alerts by CISA, we have seen the attack grow in size, breadth and complexity. We will continue to update defensive recommendation blogs like this as new details emerge.
The use of a compromised software supply chain as an Initial Access technique (T1195.002) is particularly dangerous as the attack uses assumed trusted paths and as such can go undetected for a long period. This attack leveraged several techniques, such as trusted software, signed code and stealthy hiding-in-plain-sight communication, allowing the attacker to evade even strong defenses and enjoy a long dwell before detection. The sophisticated nature of the attack suggests that an Advanced Persistent Threat (APT) Group is likely responsible. In fact, FireEye is tracking the group as UNC2452 and has released countermeasures to identify the initial SUNBURST backdoor. McAfee has also provided an intelligence summary within MVISION Insights and mitigation controls for the initial entry vectors are published in KB93861. For additional response actions, please view Part One of this blog series here. If you are using SolarWinds software, please refer to the company guidance here to check for vulnerable versions and patch information.
However, looking beyond the initial entry and containment actions, you should think about how you are prepared for this type of attack in the future. This is a sophisticated actor(s) who may use other techniques such as Spearphishing to gain access, then move around the corporate network and potentially steal intellectual property as was the case with FireEye. They will change techniques and tools, so you need to be ready. Our Advanced Threat Research team tracks over 700 APT and Cyber Crime campaigns so the potential for another threat actor to launch a similar attack is high. In this blog, we will take a specific look at the techniques used in the SolarWinds compromise and provide some guidance on how McAfee solutions could help you respond now and prepare for this type of threat in the future with an adaptable security capability for resilience.
In our first blog in this series, we provided some initial response guidance designed to disrupt the attack early in the Execution phase or look retrospectively on the endpoints or proxy logs for indicators of compromise. But as you can see in the attack timeline below, it started much earlier with purposeful and detailed preparation and includes multiple other steps. A couple of techniques speak volumes about the sophistication and planning involved in this campaign.
First is the choice of entry vector. The attacker in this case compromised part of the software supply chain by weaponizing software by SolarWinds, a major brand of IT management software. While software supply chain compromises are not new, like the recent one affecting JavaScript, they are typically on a smaller scale or more quickly detected. More common initial access techniques involve Spearphishing or taking advantage of open remote services like RDP. While both take planning and effort, weaponizing software from a major technology company and going undetected in that process is no easy feat. Secondly, the calculated wait time before external communication and the custom Domain Generation Algorithm (DGA) indicate the attacker has a lot of patience and stealth capability. For more detailed analysis of these advanced techniques, see McAfee Labs additional analysis blog on the SUNBURST backdoor.
The attack also involves numerous post-exploitation actions such as command and control communication masquerading (T1001.003) as normal update traffic, additional payload transfers (T1105), system discovery, credential harvesting and potentially then movement to other systems, even cloud-hosted infrastructure systems. The goal of course is to disrupt or detect any stage of attack before the breakout point and hopefully before any real impact to the business. The breakout point is when an attacker has gained privileges and starts to move laterally within the business. At that point, it becomes very difficult but not impossible to disrupt or detect the activity. But you must act fast. The impact of the attack can vary. In one case, it could be loss of intellectual property, but in another case, destruction of critical systems or data could be the goal. Also, what if the attacker used other initial access techniques, such as Spearphishing (T1566), to deliver a similar backdoor? Would you be able to detect that activity or any of the follow actions? Our point is don’t just update the endpoint with the latest DAT and consider yourself secure. Look for other ways to disrupt or detect an attack throughout the whole attack chain, leveraging both prevention and detection capability and keeping the end goal in mind to reduce impact to the business. Also think about how you prepare. The attackers in this case spent a lot of time in preparation creating custom malware and infrastructure. How about your organization? Do you know what attackers might be targeting your organization? Do you know their tactics and techniques?
In the first hours of a new threat campaign, if the CIO or CISO asked you, “are we exposed to SUNBURST”, how long would it take you to answer that question? One place to turn is MVISION Insights. MVISION Insights combines McAfee’s Threat Intelligence research with telemetry from your endpoint controls to reduce your attack surface against emerging threats. MVISION Insights tracks over 700 APT and Cyber Crime campaigns as researched by McAfee’s ATR team, including the most recent, FireEye Red Team tool release and SolarWinds Supply Chain Compromise campaigns.
In the beginning hours of a new threat response, you can use MVISION Insights to get a quick summary of the threat, view external resources, and a list of known indicators such as files, URLs, or IP addresses. The campaign summary saves you from some of the time-consuming task of combing multiple sites, downloading reports, and building out the broader picture. MVISION Insights provides critical pieces in one place allowing you to move quicker through the response process. The next question to answer, is this new attack a risk to my business? Insights can help you answer that question as well when you click on “Your Environment”.
Insights automatically correlates the indicators of compromise with Threat Events from McAfee ENS, allowing you to quickly asses if there is an immediate problem now. If you had a detection, you should immediately go to incident response. Insights reviews your endpoint control configuration to asses if you have the right content update deployed to potentially disrupt the threat. At this point, you are closer to answer the CIO question of “are we exposed”. I say closer because Insights provides only the endpoint protection view currently so you will need to review other controls you have in place to fully assess risk.
However, Insights also assesses your endpoint security posture against other advanced threat techniques, looking to see if you are getting the best value from ENS by leveraging signature, intelligence and behavior anomaly detection capability in the solution. This is important because the attackers will change tactics, using new entry techniques and tools, so your security posture must continuously adapt. And this is just one campaign. Insights is summarizing intelligence, surfacing detections and reducing your attack surface continuously, against 700 campaigns!
Mitigating risk from SUNBURST and similar sophisticated APT campaigns requires a security architecture that provides defense in depth and visibility throughout the entire attack chain. You should review your architecture and assess gaps either in technique visibility or protection capability. Below we have outlined where McAfee and partner solutions could be used to either disrupt or detect some of the attack techniques used in SUNBURST based on what we know today.
While the attacker is no doubt sophisticated and stealthy, the multi-stage aspect of the attack presents opportunities to detect or stop at multiple points and perhaps even before the attack gains a foothold. We cover more about how to use McAfee EDR to search for or detect some of the techniques used in SUNBURST in next section. However, there are some other key cyber defense capabilities that may be overlooked in your organizations but are critical to having a chance at detection and mitigation. We highlight those in this section below.
Normally this is beyond what most organizations have time to do. However, in this case, you need to gain any advantage. We discussed MVISION Insights above so here we will cover additional guidance. During the preparation phase of this attack, the attacker obtains infrastructure within the target geo to host their command and control server. During this phase, they also set the hostnames of their C2 servers to mimic target organization hostnames. A scan for your domain names on external IP blocks can reveal the attack formation. Open source tools such as Spiderfoot offer a number of plugins to gather and analyze such types of data. Passive DNS with combination of hosts communicating with unusual domain names also represent a window of detection whereby Advanced DNS Protection solutions such as from our SIA partner Infoblox can detect behavior-based DGA usage by malware and automatically block such DNS resolution requests.
DNS queries often provide the first layers of insights into any type of C2 communication and data exfiltration. You should enable logging ideally at an upstream resolver(s) where you can see traffic from your entire infrastructure. More information can be found here for Windows DNS Servers and Linux Bind DNS Servers. This could be forwarded to McAfee ESM/other SIEMs for analysis and correlation for detection of DGA-type activities.
Being able to detect unusual flows should also be a priority for incident responders. Along with DNS queries, NetFlow data when combined with UBA provides a great source of detection, as the attackers’ use of VPS providers can be combined with user login data to detect an “impossible rate of travel event.”
As described in the defensive architecture, MVISION EDR plays a vital role in hunting for prevalence of indicators related to the SUNBURST backdoor and ensuing post compromise activity. The role of MVISION EDR becomes even more important due to the usage of manual OPSEC by the threat actor where what follows the initial breach is driven by how the threat actor is targeting the organisation.
You can use MVISION EDR or MAR to search endpoints for SUNBURST indicators as provided by Microsoft and FireEye. If you are licensed for MVISION Insights, you can pivot directly to MVISION EDR to search for indicators. MVISION EDR supports real-time searches to hunt for presence of files on the endpoints and allows for sweeps across the estate. The following query can be used with the pre-populated malicious file hash list. The presence of the file on the system is itself does not mean it was successful and further hunting to check for execution of the actual malicious code on the system.is needed. See the search syntax below.
Begin MVEDR Query Syntax…
Files name, full_name, md5, sha256, created_at, create_user_name, create_user_domain and HostInfo hostname, ip_address, os and LoggedInUsers username, userdomain where Files sha256 equals “ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c” or Files sha256 equals “c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77” or Files sha256 equals “eb6fab5a2964c5817fb239a7a5079cabca0a00464fb3e07155f28b0a57a2c0ed” or Files sha256 equals “dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b” or Files sha256 equals “32519685c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77” or Files sha256 equals “d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600” or Files sha256 equals “53f8dfc65169ccda021b72a62e0c22a4db7c4077f002fa742717d41b3c40f2c7” or Files sha256 equals “019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134” or Files sha256 equals “ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6” or Files sha256 equals “32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77” or Files sha256 equals “292327e5c94afa352cc5a02ca273df543f2020d0e76368ff96c84f4e90778712” or Files sha256 equals “c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71”
…End MVEDR Query Syntax
Additionally, you can do a historical search creation and deletion of files going back up to 90 days in cloud storage.
The threat actor is known to rename system utilities/files and clean up their tracks. MVISION EDR can review historical changes to the file system, this is crucial in determining if an endpoint was a victim of this attack. The flexible search interface can be used to filter down and track the progress of the completion of the attacker’s objectives for e.g. look at changes triggered from the infected dll’s such as netsetupsvc.dll.
MVISION EDR allows for tracing of active network connections leveraging the real time search functionalities
You can also leverage the historical search function to look for historical connections related to the command and control activity for this threat actor. The filtering by process ID and source/destination IP allows analysts to track down the malicious communications.
MVISION EDR also allows analysts to review historical DNS lookups thus allowing for the ability to hunt for malicious DNS lookups. This is a very important capability in the product as many organizations do not log DNS or have a DNS hierarchy that makes it harder to log the end device making the actual request.
MVISION EDR includes custom collector creation ability that allows for execution of custom commands across the estate. In this case, it’s possible to look for the existence of the Named Pipes by executing the following Powershell command:
Powershell Command for Pipe detection [System.IO.Directory]::GetFiles(“\\.\\pipe\\”) | %{($_ -split “\\”)[6]}
HostInfo hostname, ip_address, os where _NamedPipe pipename contains “583da945-62af-10e8-4902-a8f2 05c72b2e”
It is known the attacker in its final stages leverages legitimate SolarWinds processes to complete their objectives:
\Windows\SysWOW64\WerFault.exe
\SolarWinds\Orion\ExportToPDFCmd.Exe
\SolarWinds\Orion\APM\APMServiceControl.exe
\SolarWinds.Credentials\SolarWinds.Credentials.Orion.WebApi.exe
\SolarWinds\Orion\Topology\SolarWinds.Orion.Topology.Calculator.exe
\SolarWinds\Orion\Database-Maint.exe
ProcessHistory parentname, name, id, cmdline WHERE ProcessHistory parentname equals “WerFault.exe” or ProcessHistory parentname equals “ExportToPDFCmd.Exe” or ProcessHistory parentname equals “APMServiceControl.exe” or ProcessHistory parentname equals “SolarWinds.Credentials.Orion.WebApi.exe” or ProcessHistory parentname equals “SolarWinds.Orion.Topology.Calculator.exe” or ProcessHistory parentname equals “\SolarWinds\Orion\Database-Maint.exe”
MVISION EDR’s architecture leverages the Data Exchange Layer to stream trace data to our cloud service where we apply analytics to identify or investigate a threat. Trace data are artifacts from the endpoint, such as file hashes, processes, communications, typically needed for endpoint detection and searches. The DXL architecture allows that data to be streamed to the cloud as well to a local data store such as a SIEM or other log storage like Elastic simultaneously.
You can store the data longer than the 90-day maximum McAfee stores in our cloud. Why is this important? Recent analysis of SUNBURST suggests that the attack goes as far back as March 2020, and perhaps earlier. This local storage would provide capability to hunt for indicators further back as needed, if so configured.
How do you know what data sources are needed to detect Mitre Att&ck tactics and techniques? Carlos Diaz from MVISION EDR engineering wrote a great tool called Mitre-Assistant to simplify that process. You can download that tool here.
One of the key challenges threat hunters and security analysts face is where the attack progresses through to the second phase of the attack, where it is understood the attacker has dropped malware to execute and complete their objectives. This usage of sophisticated execution of malware from a trusted process is detected by MVISION EDR and automatically mapped to the MITRE ATT&CK Framework. As part of the detection and process tracing, EDR also captures the command executed on the endpoint. This becomes invaluable in case of tracking the manual OPSEC aspect of the second phase of the attack.
MVISION EDR provides extensive capabilities to respond to threats once they have been assessed, e.g. real-time searches once executed allows analysts to scope the affected endpoints rapidly at which point the solution offers multiple options as a method for containment and remediation of the threat across the estate through bulk operations.
MVISION EDR provides a way to easily visualize data egress by looking at topology view of the endpoints where malicious activity has been detected, by observing the network-flow map the outlier connections can be easily identified and then correlated with WHOIS, IP reputation and Passive DNS data from providers like McAfee GTI and Virustotal. Once established, the external connections can be blocked and the endpoint can be quarantined from the EDR console. EDR also shows common processes spawning across multiple endpoints to showcase lateral movement and is also tagged as part of the MITRE techniques being identified and detected.
Combining EDR with Deception technology such as that from Attivo Networks brings together a combination of offensive detection where the attacker can be effectively trapped as result of not getting hold of the real credentials required to make the lateral movement/ privilege escalation a success thus failing in their objective completion.
An integrated approach to DLP can also provide effective protection against the completion of the objectives for e.g. unified DLP policy across the endpoint and web-gateway looking for exfiltration of sensitive organizational data can also provide valuable defenses. McAfee’s UCE platform provides such unified data protection capabilities.
Our latest research indicates attacker is actively looking to establish additional footholds into customer cloud environments such as Azure AD or bypass multi-factor authentication by hijacking SAML sessions, McAfee’s MVISION Cloud Access Control and User Anomaly Detection can identify suspicious access attempts to cloud services and infrastructure.
It is recommended to increase monitoring and investigations into such activity especially with privileged accounts on sensitive infrastructure
In addition to architecture review and continuous hunting for indicators, it is recommended that customers work with their suppliers – IT, Cloud Services, Infrastructure, Hardware, etc. – to validate integrity. Secondly, review controls, detection use cases in the SOC and logs, specifically related to your intellectual property. A tabletop exercise to rehearse crisis management and breach notification procedures is also recommended.
It’s important to note that analysis of this attack is ongoing across the globe and events are still unfolding. The presence/detection of the backdoor and affected software is just the beginning for many customers. MVISION EDR or other tool detections of malicious named-pipe presence and domains help indicate to a customer if the backdoor was running, but with the gathered system information, the adversary may have valid accounts and access to AD or Cloud systems in some cases. The adversary has been wiping information/log files to erase traces. Incident Response is a critical piece of your overall business resilience and if you are affected, you will no doubt be asking yourself these types of questions.
McAfee will continue to post analysis results and defensive guidance as we learn more about the attack. Customers should follow McAfee Labs posts, check the Insights Preview Dashboard for latest threat intelligence, and continually check the Knowledge Center for latest product guidance.
The post How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise appeared first on McAfee Blogs.
Die Cloud ist und bleibt ein Treiber für die digitale Transformation. Nachdem der Fokus primär auf die Erkennung von Shadow-IT
und die Absicherung von SaaS-Diensten lag, wandert nun der Blick auf längerfristige Projekte: Die Migration von ganzen Diensten
und Anwendungen in Richtung Cloud. In diesem Podcast sprechen wir daher über die Themen Infrastruktur und Container in der
Cloud, wie diese sich in die bestehende Architektur einbinden und welche weiteren wichtigen Sichtweisen für eine umfassendes
Sicherheitskonzept hilfreich sind.
The post ST25: Absicherung von Cloud-nativen Anwendungen appeared first on McAfee Blogs.
2020 has been quite the year for many, and through it all, we’re reflecting on everything we are thankful for. This includes the incredible stories and invaluable perspectives that come from our McAfee team members around the world.
As the year ends, we’re counting down the top 10 most read Life at McAfee blog stories. These are the stories from our team members that you love to read, and we love to tell!
When COVID-19 hit Germany, Heiko jumped into action and made an impact on his community with the help of THW and McAfee’s Volunteer Time Off (VTO) benefit. Read about Heiko’s experience and how he was able to help provide relief by helping to build a temporary hospital facility.
Navigating a global pandemic while balancing parenthood and adjusting to remote work is currently a challenge for many. In this blog, our team member, Paige, offers up four helpful tips for remote working parents.
In honor of International Women’s Day, we asked McAfee men around the world to share their perspectives on creating a more gender equal world. They offered candid and rich insights with takeaways to remember — inside and outside of the workplace. If you’re looking for an interesting conversation on gender equality, you won’t want to miss this blog.
Launching your career is an exciting experience that can also be a nerve-wracking feat. Our Women in Security (WISE) Community hosted a panel discussion to encourage our next generation of women in tech to pursue their passions. Whether you’re just starting your career or looking for a change, you’ll find useful insights on what it’s like to work in the tech industry and life at McAfee!
We talked to our Women in Technology (WIT) Scholarship recipients and discussed their participation in our summer internship program in Cork, Ireland. Read about their unique experiences being in the program — from building professional relationships to mentorships and training. This is a valuable read for anyone jumpstarting a new career.
Looking for a snapshot of McAfee internships? To celebrate National Intern Day, we asked ten global McAfee interns to share insights gained from their unique experiences.
To pay tribute to our veterans in honor of Veterans Day and Remembrance Day, we asked team members in our McAfee Veterans Community to share memories and photos from their service days. Check out what some of them had to say!
Meet Thomas, Advanced threat Researcher at McAfee by day, 3D–mask–printing expert by night. Read Thomas’ story and find out how he is making a significant impact and inspiring others to support healthcare workers during the pandemic.
In our Women in Sales series, McAfee’s sales professionals talked on how to break boundaries and achieve success in cybersecurity sales. If you want to dive into industry opportunities and gain advice to advance your career, this is the place to start!
Whether you’re an expert in remote work or working from home for the first time, you may be looking for helpful tips to set yourself up for success. In this blog, get advice from seasoned remote workers on navigating working from home and learn how you can incorporate practical tips.
The post 2020 In Review: The Top 10 Most Popular Life at McAfee Blogs appeared first on McAfee Blogs.
McAfee, the device-to-cloud cybersecurity company, announced the winners of its distinguished SIA Partner Awards. The 2020 awards recognize partners who demonstrated innovation, strategic value, and market leadership in their respective market segments which are a complement to the McAfee solution portfolio.
2020 has been a difficult year for everyone that has required organizations to be flexible and rethink how they deploy security to ensure their critical assets remain protected. The McAfee SIA program enables organizations to embrace the flexibility they need through certified integrated solutions from industry-leading providers to ensure they have the tools and resources needed to stay protected and ensure business keeps operating.
We are pleased to announce the winners of the 2020 McAfee Security Innovation Alliance Awards in the following three categories: Most Innovative Partners of the Year, and SIA Partner of the Year.
IBM Security is a strategic partnered with McAfee across multiple IBM teams including Resilient and QRadar. To date McAfee has certified integrations with IBM’s Incident Response platform, Resilient to include: TIE, DXL, ePO, ESM, ATD and now MVISION. McAfee has released QRadar integrations to both ePO and MVISION. All McAfee Resilient integrations are published on IBM’s AppExchange. In 2019 McAfee and IBM jointly founded the Open Cybersecurity Alliance under the auspices of Oasis. Read our solution brief for more details. IBM Security was amongst the inaugural partners announced during the recent launch of the MVISION Marketplace.
Siemplify is a great McAfee partner, previously integrating their SOAR product with McAfee ePO. Now, with McAfee’s latest announcement of the MVISION Marketplace including Siemplify as one of the inaugural development partners. Siemplify has shown themselves to be one of our most innovative partners during 2020 and now enable mutual customers to discover, try, buy, and deploy partner technologies as a Composable solution with a few clicks of the mouse.
Most Valuable Partner of the Year criteria cover the breadth and depth of the partner’s multiple integrations and close business engagement with McAfee.
ThreatQuotient, “ThreatQ” Joined the SIA program in January 2017 and quickly showed their value through their Threat Intelligence Platform. In ThreatQ fashion, they quickly, integrated with McAfee TIE, McAfee Data Exchange Layer (DXL), McAfee Advanced Threat Detection (ATD), McAfee Active Response (MAR) and Enterprise Security Manager (ESM), followed by MVISION Endpoint Detection and Response (EDR). Most recently ThreatQ was amongst the inaugural partners to launch with McAfee’s new MVISION Marketplace.
Partnership integrations and the most deal closures within the SIA programs tells the story or why ThreatQuotient was selected as the Partner of The Year.
To learn more about these partners and MVISION Marketplace visit: https://marketplace.mcafee.com
Read the MVISION Marketplace press release here: McAfee Announces MVISION Marketplace
The post McAfee Security Innovation Alliance 2020 MPOWER Awards appeared first on McAfee Blogs.
On December 13, 2020, FireEye announced that threat actors had compromised SolarWinds’s Orion IT monitoring and management software and used it to distribute a software backdoor to dozens of that company’s customers, including several high profile U.S. government agencies.
This campaign is the first major supply chain attack of its kind at scale and represents a shift in tactics where a nation state has employed a new weapon for cyber-espionage. Just as the use of nuclear weapons at the end of WWII changed military strategy for the next 75 years, the use of a supply chain attack will change the way we need to consider defense against cyber-attacks.
This supply chain attack operated at the scale of a worm such as WannaCry in 2017, combined with the precision and lethality of the 2014 Sony Pictures or 2015 U.S. Office of Personnel Management (OPM) attacks.
The impact of this attack shows how a high-volume commercial software product can impact many organizations simultaneously. In the past, cyber-attacks such as WannaCry relied on vulnerabilities, exploiting organizations that failed to install critical patches. In the case of SolarWinds-SUNBURST, any organization that simply updated its software could be vulnerable to attack, which is why we saw the impact across multiple agencies in the federal government and private sector. Furthermore, the backdoor used stealth tactics to monitor if it was being analyzed by looking for the presence of debuggers and network monitors and suppressing communications and alerts of other malicious behavior in those scenarios.
From a U.S. national security perspective, this attack enables the nation’s enemies to steal all manner of information, from inter-governmental communications to national secrets. Attackers can, in turn, leverage this information to influence or impact U.S. policy through malicious leaks.
The attack impacted private companies as well. Unlike government networks which isolate classified information both from the internet and non-classified material, private organizations often have critical intellectual property on the same internet-facing network they store non sensitive information. Exactly what corporate intellectual property or private data on employees has been stolen will be difficult to determine, and the full extent of theft may never be fully known.
These cyber supply chain attacks are a concern for consumers as well. In today’s highly interconnected homes, a breach of consumer electronics companies can result in attackers using their access to smart appliances such as TVs, virtual assistants, and smart phones to steal their information or act as a gateway to attack businesses while users are working remotely from home.
What makes this campaign so insidious is that the attackers used trusted SolarWinds software to infiltrate victim organizations with the SUNBURST backdoor, which then enabled the attacker to take any number of secondary steps. This could involve stealing data, destroying data, holding critical systems for ransom, orchestrating system malfunctions that could result in kinetic damage, or simply implanting additional malicious content throughout the organization to stay in control and maintain access even after the initial threat appears to have passed.
Such an attack is particularly challenging in that it raises concerns around best practices cybersecurity professionals have been trying to communicate for years. For decades, we have been saying that it is critical to patch and keep software updated. In this case, however, it was patching and bringing new software into an environment that opened organizations up to attack.
Organizations must not read into these SolarWinds-SUNBURST revelations that they should not prioritize keeping their environments up to date. Doing so would certainly open them up to a variety of other attacks.
How do we reconcile these two conflicting security viewpoints? Organizations and cybersecurity practitioners must be vigilant in their review and understanding of the software being brought into their environments. Additionally, they must identify their most critical information and data and apply the principles of least privilege to these items, ensuring that sensitive information such as national secrets and intellectual property are protected.
One additional area of concern is when software vendors are impacted. In this scenario, it is possible for there to be a daisy chain effect. The adversary could modify either source code or a development toolchain within a victim’s environment to plant additional backdoors that are then distributed to their customers.
The SolarWinds-SUNBURST campaign is like a “smart bomb” on a crowded landscape of “dumb bomb” cyber threats. WannaCry was a dumb bomb in that it was fully autonomous and indiscriminate in what it attacked. Whereas this SolarWinds-SUNBURST attack is a “precision guided” smart cyber weapon that is being used to target specific organizations in very specific ways. Every organization that is of interest to the attacker might be targeted slightly differently.
McAfee has incorporated technical indicators gleaned from the FireEye and SolarWinds incidents into our cyber defenses and solutions portfolio to protect our environment and customers. The details of these supplemental protections can be found in McAfee’s knowledge base (KB) articles KB89830 and KB93861.
Please also see the following analysis blogs focused on SolarWinds-SUNBURST:
The post Why SolarWinds-SUNBURST is a Wake up Call appeared first on McAfee Blogs.
Right now, I’m thinking about how my life changed in 2020. Not so much in the sweeping and upending ways. More in the little ways. I’m thinking about the coping ways. The cobble-it-all-together ways. The little changes to make things work ways. There were plenty. Now, with the first doses of vaccine going to those who need it most, I find myself wondering which of those little changes from 2020 will carry over into post-pandemic days.
One thing I do know, central to many of those changes was the internet.
For starters, I now have a chocolatier in my home. That’s courtesy of the online Master Classes my husband and I took—his course of study being chocolate making. (We’ll see how he tops that in 2021. Chocolate sets a pretty high bar.) Would we have taken our respective classes otherwise? Hard to say. But I will say this—it was a comfort.
I know that ordering my mother’s groceries online so she could avoid going into the store and stay safe was new. And through working online, I feel like I got invited into my team members’ homes where I had the pleasure of meeting their spouses, children and pets. Also, while I could not travel like I wanted to, I could still go exploring with virtual tours of the world’s great museums plus catch a few great dive sites without getting wet. Those were all unique to 2020 as well.
I count myself fortunate that I had those options available to me, as many people simply did not—whether because a lack of connectivity held them back, or their working situations simply could not make the jump to online. With that, I think of the essential workers, the first responders, the medical professionals of all walks, and the people who kept our communities going by being on the front lines of this pandemic. We all owe them so much, both now and moving forward.
Yet where possible, the internet responded, in the best way that it could. For those of us who saw our work, studies, and livelihoods shift online, the internet proved that it could step in. It’s been far from ideal, of course. The internet is simply no substitute for us working and being together, yet it helped so many of us face the challenges of 2020. Even if we didn’t use the internet for work or school, it helped us find employment, get care by way of telemedicine, and keep in touch thanks to free video conferencing, just to name a few things.
Put plainly, the internet helped us live our lives this year. And out of necessity, it re-shaped the way we live our lives too. So, without question, I can see some of little changes I made carrying over. My husband and I will take more Master Classes. I like the idea of helping my mom with the shopping when I can’t be with her. And I’ll keep exploring, even while that means restricting it to online for now. I’m sure you can count think of a few examples of your own too—things that made your life a little better this year and that can make the years to come better too.
Looking beyond my own homestead, I’m hoping that 2021 will prompt broader, and immensely positive, changes as part of lessons learned from 2020.
With regards to internet access, this year has underscored the internet’s role as an essential utility. It’s no longer a luxury. I predict we’ll see renewed energy in public and private partnerships that will connect more people to fixed broadband internet connections so that they can benefit from the same professional, educational, and personal opportunities that the rest of us on broadband already enjoy.
During the election year here in the U.S., there’s been plenty of conversation about the propagation of disinformation and misinformation on the internet, both by bad actors and by the unwitting parties who fall prey to their falsehoods. We covered the topic extensively in our election blogs, and I believe the ability to critically assess what we see and read on the internet is a major issue of our time, whether it’s an election year or not. Disinformation and misinformation online are here to stay, and there’s an opportunity for schools to introduce instruction on smart media consumption as part of their curriculums.
And, what about working from home? Will it become a new norm for business in some shape or other? Working from home remains a complicated conversation, as a mix of public health concerns, local mandates, and stark financial realities drove that shift to remote workforces in the first place. Now, similar questions arise as communities and economies recover. Companies will make strategic decisions about their properties, people, and how they all work together—not to mention how they ensure personal and corporate security in a remote workplace setting. If we use major outdoor retailer REI as one example, we’ll see that the answers are nuanced—particularly when the end result means selling a newly built and never-used corporate headquarters like REI did.
To bring it all back home, let’s see what’s worth carrying forward into 2021. We learned a multitude of hard lessons in 2020, and we pulled off plenty of clever moves in response. As much as we’d like to put 2020 behind us, let’s take a moment to pause and consider where some of the silver linings were and see if we can spin them into something stronger and greater in 2021.
And on a personal note I would like to end 2020 and start 2021 expressing my gratitude for the frontline workers, teachers and humanitarians who place service to society above all else. We have heroes in our midst and that is something to celebrate!
Happy New Year!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Looking Ahead to 2021: The Things We’ll Carry Forward appeared first on McAfee Blogs.
With 2021 approaching, it is a time to both reflect on the outstanding progress we have each made – personally and professionally, and warmly welcome a new chapter in 2021!
2020 has been one of the most unexpected years in our history. However, despite COVID-19, we had some amazing successes.
January brought McAfee our new CEO – Peter Leav. It’s hard to believe it has only been a year under his leadership. What an impact! And, McAfee is back on the stock exchange.
2020 has also seen the rapid acceleration of cloud adoption. Typically, a move like that involves immense planning to minimize complexity. That didn’t always happen. And, as our Advanced Threat Research team has reported, cybercriminals took full advantage of more ransomware, malware, and general bad behavior. In fact, a recent McAfee report estimates global cybercrime losses will exceed $1 Trillion. Fortunately, McAfee customers benefited from the get-go with a robust, award-winning cloud-native portfolio that became even stronger in 2020.
Shortly after Peter joined, we closed our LightPoint Acquisition, enabling us to add Remote Browser Isolation (RBI) to MVISION Unified Cloud Edge (UCE). In March, we delivered multi-vector data protection for unified and comprehensive data protection across endpoints, web, and cloud. In August, we further enhanced our MVISION UCE offering by announcing pivotal SD-WAN Technology integrations. Finally, at MPOWER, we announced the industry first integration of Remote Browser Isolation into our Unified Cloud Edge solution.
To our award-winning and unmatched MVISION Cloud solution which is natively integrated into UCE, we were the first CASB to map cloud threats to MITRE ATT&CK. Introducing MITRE ATT&CK into the MVISION Cloud workflow helps SOC analysts to investigate cloud threats and security managers defend against future attacks with increased precision. Our new MVISION Cloud Security Advisor (CSA) – provides recommendations – broken into visibility and control metrics – to help prioritize cloud security controls implementation. We also delivered MVISION Cloud for Teams, which provides policy and collaboration controls to enable organizations to safely collaborate with partners without having to worry about exposing confidential data to guest users.
MVISION Cloud received its FedRAMP High JAB P-ATO designation and McAfee MVISION for Endpoint achieved FedRAMP Moderate Authorization. Both of those are important to enable our Federal customers to take advantage of the MVISION portfolio.
All of this helps our customers accelerate the easy adoption of a more complete Secure Access Service Edge (SASE) architecture and better defend against advanced web and cloud-based threats. In fact, our MVISION UCE customers can enjoy a nearly 40% annual TCO savings when they go from on-prem to cloud.
For our customers who want cloud native IaaS security while dealing existing on-prem data center deployments, we rolled out our new McAfee MVISION Cloud-Native Application Protection Platform (CNAPP), an integrated hybrid cloud security platform for comprehensive data protection, threat prevention, governance, and compliance for the cloud-native application lifecycle. We also announced native AWS Integrations for MVISION CNAPP.
The team and I are also extremely excited about the progress with our Endpoint portfolio across ENS, EDR and momentum behind MVISION Insights.
The still unfolding SolarWinds supply chain compromise has shown how unprepared SOC teams can be and why it is ever more important to have proactive and actionable threat intelligence at your fingertips. As news of an emerging campaign becomes viral, SOC teams must answer the topical question raised by the C-level or the Board “Are we impacted” which unfortunately till now took weeks if not days of scrambling to answer. We launched MVISION Insights early this summer to solve for exactly this problem. MVISION Insights leverages McAfee’s cutting-edge threat research, augmented with AI applied to real-time telemetry streamed from over a Billion sensors to identify and prioritize threats, before they hit. MVISION Insights can predict the impact on your countermeasures, and then tells you exactly how and where to improve your security posture. In essence, it enables you to “shift left” and anticipate and stop breaches before they happen. As the SolarWinds compromise was unfolding, MVISION Insights delivered actionable threat intelligence to McAfee’s customers within hours. The fact that we now have hundreds of customers who have adopted MVISION Insights as part of their SOC framework within a few months of release is a testament to the real value add they are enjoying. Best part is that it is also free for all our customers who have our integrated EPP+EDR SKUs: MV6 or MV7.
Our latest Endpoint protection product, ENS 10.7, is stronger with the highest quality and customer satisfaction than ever. ENS 10.7 couples all our endpoint protection capabilities with machine learning, behavior monitoring, fileless threat defense and Rollback Remediation. It’s also backed by our Global Threat Intelligence (GTI) to provide adaptable, defense in depth capability against the techniques used in targeted ransomware attacks. ENS 10.7 delivers meaningful value. Rollback Remediation, for instance, can save an average $500 per node in labor and productivity costs by eliminating need to reimage machines. ENS 10.7 became generally available about a year ago and has emerged as our #1 deployed enterprise product worldwide – the fastest ramp of any ENS release.
Equally on the EDR front, we delivered capabilities that make a measurable improvement for the ever tired SOC teams. The included AI Guided investigations can speed threat investigations from greater than 2 hours to as little as 6 minutes per incident. The SolarWinds compromise also showed that Organizations need an integrated platform that delivers complete visibility and control across their infrastructure including their supply chain. The recently announced MVISION XDR builds upon our EDR solution making it easier for our customers to achieve this complete visibility and control. It extends MVISION Insights across endpoints, network and cloud, making it the first proactive XDR platform to manage your risk. MVISION XDR dramatically expands the capabilities of traditional Endpoint Detection and Response (EDR) point solutions by delivering a fully integrated, SaaS-based platform to rapidly discover and mitigate the real threats to your users and data across all threat vectors. And, complementing our MVSION XDR solution is a host of partner solutions available via MVISION Marketplace.
Finally, we rolled out the Device-to-Cloud suites, making it easier for our customers to move to a cloud-native architecture. These three SaaS offerings all feature MVISION Insights and endpoint protection to provide right-sized security solutions in a simple-to-acquire package.
I am so proud that our customers and the industry also recognize the McAfee teams’ hard work. We were able to add a long list of awards and accolades to our portfolio in 2020.
Now that we’ve looked back at our successes, let’s take a moment to look forward and set goals for ourselves in the coming year. My team and I are committed to:
Against today’s increasingly sophisticated adversaries, your success is our success.
As we head into 2021, I want to take a moment to wish each of you peace, good health, and prosperity.
Happy holidays to you and yours!
Thanks, Shishir
The post Bring on 2021! appeared first on McAfee Blogs.
No doubt, we have a lot to be hopeful for as we step into the New Year. We’ve adapted, survived, and learned to thrive under extraordinary circumstances. While faced with plenty of challenges, families successfully transitioned to working and learning from home like pros. So, as we set our intentions for 2021, we will need that same resolve to tackle growing cyber threats.
The good news: With a COVID-19 vaccine making its debut, we’re trusting there’s an end in sight to the pandemic of 2020, which may help curb a lot of our emotional as well as digital stressors.
The not-so-good-news: According to McAfee’s latest Quarterly Threat Report, pandemic-themed threats that began in 2020 will continue, specifically, phishing and malware scams targeting people working from home. According to the recent report, bad actors are especially taking advantage of the mass remote workforces.
According to Raj Samani, McAfee Fellow and Chief Scientist, “What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”
This report points inspires a few best practices for families as we launch a new year: Stay informed and keep talking about the threats and — as grandma might advise — dress in layers to protect against the elements (in this case, digital threats).
Safe Family Tips
• Use 2FA passwords. Regularly changing passwords and adding two-factor authentication (2FA) is proving to be the most effective way to thwart hackers. If you work from home, 2FA is a more secure way to access work applications. This password/username combo requires you to verify who you are with a personal device only you own puts an extra barrier between your data and a creative hacker.
• Use a VPN. If you travel or choose to work in a coffee shop, a Virtual Private Network (VPN) will give your family an encrypted channel that shields your online activity from hackers.
• Security software. If you’ve been cobbling your security plan together, consider one comprehensive security solution to help protect you from malware, phishing attacks, and viruses. Leading products such as McAfee Total protection will include safe browsing and a VPN.
The past year, while difficult, also gave us several gifts to carry into 2021. For families, it connected us with our resilience and creativity. It made us wiser, braver, and more ready for the challenges ahead, be they online or within the ebb and flow of everyday life. That’s something we can all celebrate.
The post 4 Ways to Help Your Family Combat Cyber Threats in the New Year appeared first on McAfee Blogs.
XDR (eXtended Detection and Response) is a cybersecurity acronym being used by most vendors today. It is not a new strategy. It’s been around for a while but the journey for customers and vendors has been slow for many reasons. For McAfee, XDR has been integral to our vision, strategy and design philosophy that has guided our solution development for many years. Understanding our road to XDR can help your organization map your XDR journey.
Let’s start with why XDR? The cry for XDR reflects where cybersecurity is today with fragmented, cumbersome and ineffective security and where folks want to go. In my CISO conversations it is well noted that security operation centers (SOC) are struggling. Disjointed control points and disparate tools lead to ineffective security teams. It allows adversaries to more easily move laterally across the infrastructure undetected and moving intentionally erratic to avoid detection. Analysts only know this if they manually connect the thousand dots which is time consuming leaving the adversaries with ample dwell time to do damage. It’s no secret. There is a lack of security expertise, and these are regularly tested. Their investigations are cumbersome, highly manual, and riddled with blind spots. It’s nearly impossible to prioritize efforts, leaving the SOC simply buried in reactive cycles and alert fatigue. Bottom line—SOC metrics are getting worse—while adversaries are becoming more sophisticated and creative in carrying out their mission.
XDR has the potential to be a one-stop solution to alleviating these SOC issues and improving operational inefficiencies.
Many cybersecurity providers are trying to offer an XDR capability of some sort. They promise to provide visibility and control across all vectors, and offer more analysis, context and automation to obtain faster and better response when reacting to a threat. Point players are limited to expertise in their domain (endpoint or network) and can’t offer a critical, proven cross-portfolio platform. After all, can your endpoint platform offer true XDR functionality it it’s not also connected to network, cloud and web?
McAfee’s long-time mantra has been Better Together. That mantra underscores our commitment to deliver comprehensive security that works cohesively across all threat vectors – device, network, web and cloud and with non-McAfee products. Industry analysts and customers agree that McAfee is well positioned to deliver a solid XDR offering given our platform strategy and portfolio.
Now, what if you had that same comprehensive XDR capability that not only offered visibility and control across the vectors, but also allows you to get ahead of adversary and empowering you to be more proactive. It could give you a heads up on threats that are likely to attack you based on global and industry trends, based on what your local environment looks like. With this highly credible prediction comes the prescribed guidance on how to counter the threat before it hits you. Imagine it also supplies prescriptive actions you can take to protect your users, data, applications and devices spanning from device to cloud. Other XDR conversations can’t take the conversation to this level of proactivity. McAfee can in our recently announced MVISION XDR.
Not only does McAfee take XDR to the next level, but it also helps you better mitigate cyber risk by enabling you to prioritize and focus on what most matters. What if your threat response was prioritized based on the impact to the organization? You need to understand what the attackers are targeting. How close are they to the most sensitive data based on the users and devices? MVISION XDR offers this context and data-awareness to focus your analysts on what counts. For example, threats that jeopardize sensitive data from a finance executive on his device will automatically be of priority versus a maybe threat on general purpose device with no data. This data-awareness is not noted well in other XDR conversations, but it is with recently announced MVISION XDR.
Let’s look at McAfee’s journey and investment with XDR and how we got to this exceptional XDR approach.
McAfee’s XDR Journey did not simply start up recently because a buzz word appeared that needed to spoke to. As noted earlier, McAfee’s mantra “Together is Better” sets the stage for a unified security approach, which is core to the XDR promise. McAfee recognized early on that multi-vendors security ecosystem is a key requirement to build a defense in depth security practice. OpenDXL the open-source community delivered the data exchange layer or the DXL message bus architecture. This enabled our diverse ecosystem of partners from threat intelligence platforms, to orchestration tools to use a common transport mechanism and information exchange protocol. Most enterprise security architectures will be a heterogenous mix of various security solutions. McAfee is one of the founding members of the Open CyberSecurity Alliance (OCA) where we contributed our DXL ontology – enabling participating vendors to not only communicate vital threat details but inform what to do to all connected multi-vendor security solutions.
Realizing EDR is network blind and SIEM is endpoint blind, we integrated McAfee EDR and SIEM. McAfee continues to deliver XDR capabilities by bringing multiple telemetry sources on a platform from a single console for analytics and investigation, driving remediation decisions with automatic enforcement across the enterprise. When you combine MVISION XDR the first proactive, data-aware and open XDR and released MVISION Marketplace and API further supporting the open security ecosystem for XDR capabilities, organizations have a solid starting point to advance their visibility and control across their entire cyber infrastructure.
Before all the XDR hype, McAfee customers have been on the XDR path. Our customers have already gained XDR capabilities and are positioned to grow with more XDR capabilities. I encourage you to check out the video below.
The post The Road to XDR appeared first on McAfee Blogs.
This post was also written by Darragh McMahon
At McAfee, we adhere to a set of core values and principles – We Put the Customer at The Core, We Achieve Excellence with Speed and Agility, We Play to Win or We Don’t Play, We Practice Inclusive Candor and Transparency.
And reaching the ISO 27701 enshrines all of these values.
For those who are not familiar with it, the ISO 27701 is the industry leading certification for information security & privacy management. Achieving the ISO 27701 certification demonstrates that McAfee is able to protect personal data, thanks to a multidisciplinary effort coupled with cross-functional expertise. Because yes, We Play to Win or We Don’t Play.
Over the past years, and all around the world, lawmakers and regulators have been and continue to introduce new laws governing the processing of personal data (such as those adopted in Australia, Brazil, Singapore and Canada) -the GDPR and the CCPA are only few of these. This changing legal environment raises challenges for all businesses, but especially those that must comply globally with regulations in multiple jurisdictions. Compliance to requirements and controls of ISO 27701 is relevant to support the fulfillment of obligations to articles 5 to 49 (except 43) of the GDPR. The application of the ISO 27701 standard can also be used for supporting compliance with other data privacy laws. Because yes, We Practice Inclusive Candor and Transparency.
The ISO 27701 Standard has been published in August 2019, and all companies, whether vendors or customers, should look into it. At the time of certification by McAfee’s assessment firm[1], McAfee is one of the very first companies to achieve the certification within the cyber-security industry. Because yes, not only do We Achieve Excellence with Speed and Agility, but We also Put the Customer at the Core.
Key requirements include, but are not limited to:
McAfee’s ISO 27701 certificate, along with its other certificates, is publicly available at trust.mcafee.com/privacy-compliance
[1] Schellman, December 2020
The post McAfee Welcomes its ISO 27701 Certificate! appeared first on McAfee Blogs.
The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector – the supply chain – that will continue to be exploited.
The ever-increasing use of connected devices, apps and web services in our homes will also make us more susceptible to digital home break-ins. This threat is compounded by many individuals continuing to work from home, meaning this threat not only impacts the consumer and their families, but enterprises as well.
Attacks on cloud platforms and users will evolve into a highly polarized state where they are either “mechanized and widespread” or “sophisticated and precisely handcrafted”.
Mobile users will need to beware of phishing or smishing messages aimed at exploiting and defrauding them through mobile payment services.
The use of QR codes has notably accelerated during the pandemic, raising the specter of a new generation of social engineering techniques that seek to exploit consumers and gain access to their personal data.
Finally, the most sophisticated threat actors will increasingly use social networks to target high value individuals working in sensitive industry sectors and roles.
A new year offers hope and opportunities for consumers and enterprises, but also more cybersecurity challenges. I hope you find these helpful in planning your 2021 security strategies.
–Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research
Twitter @Raj_Samani
1. |
Supply Chain Backdoor Techniques to Proliferate |
On December 13, 2020, the cybersecurity industry learned nation-state threat actors had compromised SolarWinds’s Orion IT monitoring and management software and used it to distribute a malicious software backdoor called SUNBURST to dozens of that company’s customers, including several high-profile U.S. government agencies.
This SolarWinds-SUNBURST campaign is the first major supply chain attack of its kind and has been referred to by many as the “Cyber Pearl Harbor” that U.S. cybersecurity experts have been predicting for a decade and a half.
The campaign also represents a shift in tactics where nation state threat actors have employed a new weapon for cyber-espionage. Just as the use of nuclear weapons at the end of WWII changed military strategy for the next 75 years, the use of a supply chain attack has changed the way we need to consider defense against cyber-attacks.
This supply chain attack operated at the scale of a worm such as WannaCry in 2017, combined with the precision and lethality of the 2014 Sony Pictures or 2015 U.S. government Office of Personnel Management (OPM) attacks.
Within hours of its discovery, the magnitude of the campaign became frighteningly clear to organizations responsible for U.S. national security, economic competitiveness, and even consumer privacy and security.
It enables U.S. adversaries to steal all manners of information, from inter-governmental communications to national secrets. Attackers can, in turn, leverage this information to influence or impact U.S. policy through malicious leaks. Every breached agency may have different secondary cyber backdoors planted, meaning that there is no single recipe to evict the intrusion across the federal government.
While some may argue that government agencies are legitimate targets for nation-state spy craft, the campaign also impacted private companies. Unlike government networks which store classified information on isolated networks, private organizations often have critical intellectual property on networks with access to the internet. Exactly what intellectual property or private data on employees has been stolen will be difficult to determine, and the full extent of the theft may never be known.
This type of attack also poses a threat to individuals and their families given that in today’s highly interconnected homes, a breach of consumer electronics companies can result in attackers using their access to smart appliances such as TVs, virtual assistants, and smart phones to steal their information or act as a gateway to attack businesses while users are working remotely from home.
What makes this type of attack so dangerous is that it uses trusted software to bypass cyber defenses, infiltrate victim organizations with the backdoor and allow the attacker to take any number of secondary steps. This could involve stealing data, destroying data, holding critical systems for ransom, orchestrating system malfunctions that result in kinetic damage, or simply implanting additional malicious content throughout the organization to stay in control even after the initial threat appears to have passed.
McAfee believes the discovery of the SolarWinds-SUNBURST campaign will expose attack techniques that other malicious actors around the world will seek to duplicate in 2021 and beyond.
2. |
Hacking the Home to Hack the Office |
By Suhail Ansari, Dattatraya Kulkarni and Steve Povolny
While the threat to connected homes is not new, what is new is the emergence of increased functionality in both home and business devices, and the fact that these devices connect to each other more than ever before. Compounding this is the increase in remote work – meaning many of us are using these connected devices more than ever.
In 2020,the global pandemic shifted employees from the office to the home, making the home environment a work environment. In fact, since the onset of the coronavirus pandemic, McAfee Secure Home Platform device monitoring shows a 22% increase in the number of connected home devices globally and a 60% increase in the U.S. Over 70% of the traffic from these devices originated from smart phones, laptops, other PCs and TVs, and over 29% originated from IoT devices such as streaming devices, gaming consoles, wearables, and smart lights.
McAfee saw cybercriminals increase their focus on the home attack surface with a surge in various phishing message schemes across communications channels. The number of malicious phishing links McAfee blocked grew over 21% from March to November, at an average of over 400 links per home.
This increase is significant and suggests a flood of phishing messages with malicious links entered home networks through devices with weaker security measures.
Millions of individual employees have become responsible for their employer’s IT security in a home office filled with “soft” targets, unprotected devices from the kitchen, to the family room, to the bedroom. Many of these home devices are “orphaned” in that their manufacturers fail to properly support them with security updates addressing new threats or vulnerabilities.
This contrasts with a corporate office environment filled with devices “hardened” by enterprise-grade security measures. We now work with consumer-grade networking equipment configured by “us” and lacking the central management, regular software updates and security monitoring of the enterprise.
Because of this, we believe cybercriminals will advance the home as an attack surface for campaigns targeting not only our families but also corporations. The hackers will take advantage of the home’s lack of regular firmware updates, lack of security mitigation features, weak privacy policies, vulnerability exploits, and user susceptibility to social engineering.
By compromising the home environment, these malicious actors will launch a variety of attacks on corporate as well as consumer devices in 2021.
3. |
Attacks on Cloud Platforms Become Highly Mechanized and Handcrafted |
By Sandeep Chandana
The COVID-19 pandemic has also hastened the pace of the corporate IT transition to the cloud, accelerating the potential for new corporate cloud-related attack schemes. With increased cloud adoption and the large number of enterprises working from home, not only is there a growing number of cloud users but also a lot more data both in motion and being transacted.
McAfee cloud usage data from more than 30 million McAfee MVISION Cloud users worldwide shows a 50% increase overall in enterprise cloud use across all industries the first four months of 2020. Our analysis showed an increase across all cloud categories, usage of collaboration services such as Microsoft O365 by 123%, increase in use of business services such as Salesforce by 61% and the largest growth in collaboration services such as Cisco Webex (600%), Zoom (+350%), Microsoft Teams (+300%), and Slack (+200%). From January to April 2020, corporate cloud traffic from unmanaged devices increased 100% across all verticals.
During the same period, McAfee witnessed a surge in attacks on cloud accounts, an estimated 630% increase overall, with variations in the sectors that were targeted. Transportation led vertical industries with a 1,350% increase in cloud attacks, followed by education (+1,114%), government (+773%), manufacturing (+679%), financial services (+571%) and energy and utilities (+472%).
The increasing proportion of unmanaged devices accessing the enterprise cloud has effectively made home networks an extension of the enterprise infrastructure. Cybercriminals will develop new, highly mechanized, widespread attacks for better efficacy against thousands of heterogenous home networks.
One example could be a widespread brute force attack against O365 users, where the attacker seeks to leverage stolen credentials and exploit users’ poor practice of re-using passwords across different platforms and applications. As many as 65% of users reuse the same password for multiple or all accounts according to a 2019 security survey conducted by Google. Where an attacker would traditionally need to manually encode first and last name combinations to find valid usernames, a learning algorithm could be used to predict O365 username patterns.
Additionally, cybercriminals could use AI and ML to bypass traditional network filtering technologies deployed to protect cloud instances. Instead of launching a classic brute force attack from compromised IPs until the IPs are blocked, resource optimization algorithms will be used to make sure the compromised IPs launch attacks against multiple services and sectors, to maximize the lifespan of compromised IPs used for the attacks. Distributed algorithms and reinforcement learning will be leveraged to identify attack plans primarily focused on avoiding account lockouts.
McAfee also predicts that, as enterprise cloud security postures mature, attackers will be forced to handcraft highly targeted exploits for specific enterprises, users and applications.
The recent Capital One breach was an example of an advanced attack of this kind. The attack was thoroughly cloud-native. It was sophisticated and intricate in that a number of vulnerabilities and misconfigurations across cloud applications (and infrastructure) were exploited and chained. It was not a matter of chance that the hackers were successful, as the attack was very well hand-crafted.
We believe attackers will start leveraging threat surfaces across devices, networks and the cloud in these ways in the months and years ahead.
4. |
New Mobile Payment Scams |
By Suhail Ansari and Dattatraya Kulkarni
Mobile payments have become more and more popular as a convenient mechanism to conduct transactions. A Worldpay Global Payments Report for 2020 estimated that 41% of payments today are on mobile devices, and this number looks to increase at the expense of traditional credit and debit cards by 2023. An October 2020 study by Allied Market Research found that the global mobile payment market size was valued at $1.48 trillion in 2019, and is projected to reach $12.06 trillion by 2027, growing at a compound annual growth rate of 30.1% from 2020 to 2027.
Additionally, the COVID-19 pandemic has driven the adoption of mobile payment methods higher as consumers have sought to avoid contact-based payments such as cash or physical credit cards.
But fraudsters have followed the money to mobile, pivoting from PC browsers and credit cards to mobile payments. According to research by RSA’s Fraud and Risk Intelligence team, 72% of cyber fraud activity involved the mobile channel in the fourth quarter of 2019. The researchers observed that this represented “the highest percentage of fraud involving mobile apps in nearly two years and underscores a broader shift away from fraud involving web browsers on PCs.”
McAfee predicts there will be an increase in “receive”-based mobile payment exploits, where a user receives a phishing email, direct message or smishing message telling him that he can receive a payment, transaction refund or cash prize by clicking on a malicious payment URL. Instead of receiving a payment, however, the user has been conned into sending a payment from his account.
This could take shape in schemes where fraudsters set up a fake call center using a product return and servicing scam, where the actors send a link via email or SMS, offering a refund via a mobile payment app, but the user is unaware that they are agreeing to pay versus receiving a refund. The figures below show the fraudulent schemes in action.
Mobile wallets are making efforts to make it easier for users to understand whether they are paying or receiving. Unfortunately, as the payment methods proliferate, fraudsters succeed in finding victims who either cannot distinguish credit from debit or can be prompted into quick action by smart social engineering.
Governments and banks are making painstaking efforts to educate users to understand the use of one-time passwords (OTPs) and that they should not be shared. Adoption of frameworks such as caller ID authentication (also known as STIR/SHAKEN) help in ensuring that the caller ID is not masked by fraudsters, but they do not prevent a fraudster from registering an entity that has a name close to the genuine provider of service.
In the same way that mobile apps have simplified the ability to conduct transactions, McAfee predicts the technology is making it easier to take advantage of the convenience for fraudulent purposes.
5. |
Qshing: QR Code Abuse in the Age of COVID |
By Suhail Ansari and Dattatraya Kulkarni
The global pandemic has created the need for all of us to operate and transact in all areas of our lives in a “contactless” way. Accordingly, it should come as no surprise that QR codes have emerged as a convenient input mechanism to make mobile transactions more efficient.
QR code usage has proliferated into many areas, including payments, product marketing, packaging, restaurants, retail, and recreation just to name a few. QR codes are helping limit direct contact between businesses and consumers in every setting from restaurants to personal care salons, to fitness studios. They allow them to easily scan the code, shop for services or items offered, and easily purchase them.
A September 2020 survey by MobileIron found that 86% of respondents scanned a QR code over the course of the previous year and over half (54%) reported an increase in the use of such codes since the pandemic began. Respondents felt most secure using QR codes at restaurants or bars (46%) and retailers (38%). Two-thirds (67%) believe that the technology makes life easier in a touchless world and over half (58%) wish to see it used more broadly in the future.
In just the area of discount coupons, an estimated 1.7 billion coupons using QR codes were scanned globally in 2017, and that number is expected to increase by a factor of three to 5.3 billion by 2022. In just four years, from 2014 to 2018, the use of QR codes on consumer product packaging in Korea and Japan increased by 83%. The use of QR codes in such “smart” packaging is increasing at an annual rate of 8% globally.
In India, the government’s Unique Identification Authority of India (UIDAI) uses QR codes in association with Aadhaar, India’s unique ID number, to enable readers to download citizens’ demographic information as well as their photographs.
However, the technicalities of QR codes are something of a mystery to most users, and that makes them potentially dangerous if cybercriminals seek to exploit them to target victims.
The MobileIron report found that whereas 69% of respondents believe they can distinguish a malicious URL based on its familiar text-based format, only 37% believe they can distinguish a malicious QR code using its unique dot pattern format. Given that QR codes are designed precisely to hide the text of the URL, users find it difficult to identify and even suspect malicious QR codes.
Almost two-thirds (61%) of respondents know that QR codes can open a URL and almost half (49%) know that a QR code can download an application. But fewer than one-third (31%) realize that a QR code can make a payment, cause a user to follow someone on social media (22%), or start a phone call (21%). A quarter of respondents admit scanning a QR code that did something unexpected (such as take them to a suspicious website), and 16% admitted that they were unsure if a QR code actually did what it was intended to do.
It is therefore no surprise that QR codes have been used in phishing schemes to avoid anti-phishing solutions’ attempts to identify malicious URLs within email messages. They can also be used on webpages or social media.
In such schemes, victims scan fraudulent QRs and find themselves taken to malicious websites where they are asked to provide login, personal info, usernames and passwords, and payment information, which criminals then steal. The sites could also be used to simply download malicious programs onto a user’s device.
McAfee predicts that hackers will increasingly use these QR code schemes and broaden them using social engineering techniques. For instance, knowing that business owners are looking to download QR code generator apps, bad actors will entice consumers into downloading malicious QR code generator apps that pretend to do the same. In the process of generating the QR code (or even pretending to be generating the correct QR code), the malicious apps will steal the victim’s sensitive data, which scammers could then use for a variety of fraudulent purposes.
Although the QR codes themselves are a secure and convenient mechanism, we expect them to be misused by bad actors in 2021 and beyond.
6. |
Social Networks as Workplace Attack Vectors |
By Raj Samani
Cyber adversaries have traditionally relied heavily on phishing emails as an attack vector for compromising organizations through individual employees. However, as organizations have implemented spam detection, data loss prevention (DLP) and other solutions to prevent phishing attempts on corporate email accounts, more sophisticated adversaries are pivoting to target employees through social networking platforms to which these increasingly effective defenses cannot be applied.
McAfee has observed such threat actors increasingly using the messaging features of LinkedIn, What’s App, Facebook and Twitter to engage, develop relationships with and then compromise corporate employees. Through these victims, adversaries compromise the broader enterprises that employ them. McAfee predicts that such actors will seek to broaden the use of this attack vector in 2021 and beyond for a variety of reasons.
Malicious actors have used the social network platforms in broad scoped schemes to perpetrate relatively low-level criminal scams. However, prominent actors such as APT34, Charming Kitten, and Threat Group-2889 (among others) have been identified using these platforms for higher-value, more targeted campaigns on the strength of the medium’s capacity for enabling customized content for specific types of victims.
Operation North Star demonstrates a state-of-the-art attack of this kind. Discovered and exposed by McAfee in August 2020, the campaign showed how lax social media privacy controls, ease of development and use of fake LinkedIn user accounts and job descriptions could be used to lure and attack defense sector employees.
Just as individuals and organizations engage potential consumer customers on social platforms by gathering information, developing specialized content, and conducting targeted interactions with customers, malicious actors can similarly use these platform attributes to target high value employees with a deeper level of engagement.
Additionally, individual employees engage with social networks in a capacity that straddles both their professional and personal lives. While enterprises assert security controls over corporate-issued devices and place restrictions on how consumer devices access corporate IT assets, user activity on social network platforms is not monitored or controlled in the same way. As mentioned, LinkedIn and Twitter direct messaging will not be the only vectors of concern for the corporate security operations center (SOC).
While it is unlikely that email will ever be replaced as an attack vector, McAfee foresees this social network platform vector becoming more common in 2021 and beyond, particularly among the most advanced actors.
The post 2021 Threat Predictions Report appeared first on McAfee Blogs.
2020 was unexpectedly defined by a global pandemic. Throughout the year, we have all had to figure out how to best live our lives online – from working from home to distance learning to digitally connecting with loved ones. As 2020 comes to a close, we must ask: will this new normal continue into 2021, and how will it affect how we connect – both with each other and with our online world?
McAfee assessed the cybersecurity landscape as we head into the New Year, highlighting the key takeaways we should keep in mind to help protect our digital lives:
Home is a safe space – or is it? With more consumers living and working from home, we have seen an increase in connected devices within the home. In fact, since the onset of the coronavirus pandemic, McAfee Secure Home Platform device monitoring shows a 22% increase in the number of connected home devices globally and a 60% increase in the U.S. These trends are also carrying over into mobile shopping habits. Almost 80% of shoppers have found themselves using their IoT devices to make more purchases since the beginning of the pandemic. The evolving world of the connected lifestyle gives hackers more potential entry points to homes and consumers information- through devices, apps and web services- and in 2021, we will be monitoring how this trend evolves.
With more of us working remotely, distance learning, and seeking online entertainment, cybercriminals will look to exploit our vulnerabilities. For example, remote employees are more likely to use personal devices while working and log onto home networks that are not fully secured. What’s more, many of the systems behind consumer networks have not had their passwords changed from the default settings since it was first introduced into the home . If a criminal can use the default credentials to hack the consumer’s network infrastructure, they may also gain access to other network devices – whether they are used for school, work, or leisure.
Touchless solutions for payments are becoming more popular as we all navigate the curveballs of COVID-19. Mobile payment apps provide the convenience of both paying for services and receiving payments without the hazards of touching cases or credit and debit cards. However, fraudsters are also following the money to mobile, as research by RSA’s Fraud and Risk Intelligence team shows that 72% of cyber fraud activity involved mobile in the fourth quarter of 2019. McAfee predicts an increase in “receive”-based exploits in 2021, since they provide a quick and easily entry for fraudsters to scam unsuspicious consumers by combining phishing with payment URLs.
Imagine receiving an email stating that you’re receiving a refund for a concert that was canceled due to COVID-19. The email instructs you to click on the URL in the next message, fill in your bank information, and “accept the refund.” But instead of getting your money back, you find that you’ve handed over your financial data to scammers. As we continue to adopt mobile payment methods in 2021, it’s important to remember that hackers will likely take advantage of these convenient touchless systems.
With the pandemic, more industries have QR codes to make our lives easier- with Statista reporting that over 11 million US households are expected to scan QR codes by 2020. From restaurants to personal care salons to fitness studies, QR codes help limit direct contact with consumers – you easily scan the code, see services/items offered, and select and purchase your desired items. But do you stop and think about how this might be putting your personal data at risk? As it turns out, QR codes provide scammers with a new avenue for disguising themselves as legitimate businesses and spreading malicious links.
Scammers are quick to exploit popular or new technology for their malicious tricks, and QR codes are no different. In fact, McAfee predicts that hackers will find opportunities to use social engineering to gain access to our personal data in a single scan. Take restaurant owners looking to make QR codes that give us quick access to their menus. Knowing that these business owners are looking to download apps that generate QR codes, bad actors are predicted to entice them into downloading malicious apps that pretend to do the same.
But instead of generating a code, the app will steal the owner’s data, which scammers could then use to trick loyal diners like you and me. Once a hacker gains access to the restaurant’s customer database, they can use this information to launch phishing scams under the guise of our favorite local eateries.
To help ensure that you are one step ahead of cybercriminals in the upcoming year, make a resolution to adopt the following online security practices and help protect your digital life:
If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without clicking. This will allow you to see a link preview and check for any typos or grammatical errors – both of which are typical signs of a phishing link. If the URL looks suspicious, don’t interact with it and delete the message altogether.
When setting up a new IoT device, network, or online account, always change the default credentials to a password or passphrase that is strong and unique. Using different passwords or passphrases for each of your online accounts helps protect the majority of your data if one of your accounts becomes vulnerable.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Top Security Threats to Look Out for in 2021 appeared first on McAfee Blogs.
As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the digital realm as it has in the physical world. From low level fraudsters leveraging the pandemic as a vehicle to trick victims into parting with money for non-existent PPE, to more capable actors using malware that has considerably less prevalence in targeted campaigns. All of which has been played out at a time of immense personal and professional difficulties for millions of us across the world.
What started as a trickle of phishing campaigns and the occasional malicious app quickly turned to thousands of malicious URLs and more-than-capable threat actors leveraging our thirst for more information as an entry mechanism into systems across the world. There is no question that COVID was the dominant theme of threats for the year, and whilst the natural inclination will be to focus entirely on such threats it is important to recognise that there were also very capable actors operating during this time.
For the first time we made available a COVID-19 dashboard to complement our threat report to track the number of malicious files leveraging COVID as a potential lure. What this allows is real time information on the prevalence of such campaigns, but also clarity about the most targeted sectors and geographies. Looking at the statistics from the year clearly demonstrates that the overarching theme is that the volume of malicious content increased.
Whilst of course this a major concern, we must recognise that there were also more capable threat actors operating during this time.
The latter part of 2020 saw headlines about increasing ransom demands and continued successes from ransomware groups. An indication as to the reason why was provided in early 2020 in a blog published by Thomas Roccia that revealed “The number of RDP ports exposed to the Internet has grown quickly, from roughly three million in January 2020 to more than four and a half million in March.”
With RDP a common entry vector used predominantly by post intrusion ransomware gangs, there appears some explanation as to the reason why we are seeing more victims in the latter part of 2020. Indeed, in the same analysis from Thomas we find that the most common passwords deployed for RDP are hardly what we would regard as strong.
If we consider the broader landscape of RDP being more prevalent (we have to assume due to the immediate need for remote access due to the lockdowns across the globe), the use of weak credentials, then the success of ransomware groups become very evident. Indeed, later in the year we detailed our research into the Netwalker ransomware group that reveals the innovation, affiliate recruitment and ultimately financial success they were able to gain during the second quarter of 2020.
The year also provided us with the added gifts of major vulnerabilities. In August, for example, there was a series of zero-day vulnerabilities in a widely used, low-level TCP/IP software library developed by Treck, Inc. Known as Ripple 20, the affect to hundreds of millions of devices resulted in considerable concern related to the wider supply chain of devices that we depend upon. In collaboration with JSOF, the McAfee ATR team developed a Detection Logic and Signatures for organizations to detect these vulnerabilities.
Of course the big vulnerabilities did not end there; we had the pleasure of meeting BadNeighbour, Drovorub, and so many more. The almost seemingly endless stream of vulnerabilities with particularly high CVSS Scores has meant that the need to patch very high on the list of priorities.
As we closed out 2020, we were presented with details of ‘nation states’ carrying out sophisticated attacks. Whilst under normal circumstances such terminology is something that should be avoided, there is no question that the level of capability we witness from certain threat campaigns are a world away from the noisy COVID phishing scams.
In August of 2020, we released the MVISION Insights dashboard which provides a free top list of campaigns each week. This includes, most recently, tracking against the SUNBURST trojan detailed in the SolarWinds attack, or the tools stolen in the FireEye breach. What this demonstrates is that whilst prevalence is a key talking point, there exists capable threat actors targeting organizations with real precision.
For example, the Operation North Star campaign in which the threat actors deployed an Allow and Block list of targets in order to limit those they would infect with a secondary implant.
The term sophisticated is overused, and attribution is often too quickly relegated to the category of nation state. However, the revelations have demonstrated that there are those campaigns where the attack did use capabilities not altogether common and we are no doubt witnessing a level of innovation from threat groups that is making the challenge of defence harder.
What is clear is that 2020 was a challenging year, but as we try and conclude what 2021 has in store, we have to celebrate the good news stories. From initiatives such as No More Ransom continuing to tackle ransomware, to the unprecedented accessibility of tools that we can all use to protect ourselves (e.g. please check ATR GitHub repo, but recognise there are more).
Our experts share their 2021 predictions for the new year and how to protect yourself and your enterprise.
The post A Year in Review: Threat Landscape for 2020 appeared first on McAfee Blogs.
Typically, the International Consumer Electronics Show (CES) gives us a sense of where technology is going in the future. However, this year’s show was arguably more about technology catching up with how the COVID-19 pandemic has reshaped our lives. While gathering in person was not an option, we still had the opportunity to witness incredible technological feats virtually – primarily those meant to help us better adapt to the new normal.
From devices aimed at making the world more sanitary to new work-from-home solutions, here are some of the highlights from this year’s first ever virtual CES:
Every year, CES introduces a plethora of smart home devices aimed at making our lives easier. But now that our homes have expanded beyond where we live to function as a workplace and classroom, companies have developed new gadgets to improve our lives while we stay at home. In fact, the smart home market grew 6.7% from 2019 to 2020 to $88 billion and is expected to reach $246.42 billion by 2025.
This year, Kohler showed off voice control features for its sinks and other fixtures, so homeowners can turn on faucets without touching them. And while every CES is paved with an array of flashy new TVs, LG drummed up lots of excitement with its new 55-inch transparent TV that you can see through when it’s turned off.
From monitors to keyboards and Wi-Fi upgrades to charging stations, plenty of the gadgets coming out of this year’s show were designed to improve the remote work experience. Take Dell’s UltraSharp 40-inch Curved Ultrawide U4021QW Monitor, for example. Ultrawide is the functional equivalent of two 4K monitors side-by-side, but without the seam. Belkin and Satechi also brought their latest charging stations to CES 2021 to improve the home office, allowing users to charge multiple devices at once. With so many companies creating innovative devices to make our work-from-home lives more manageable in the long run, it’s clear that remote work is likely here to stay.
CES 2021 also brought us a whole new lineup of technology designed to help us monitor our health at home. Fluo Labs debuted Flō, a device that stops your body from releasing histamines when pollen, dust, and other allergens enter your body. HD Medical also introduced HealthyU, a device smaller than a GoPro that includes a seven-lead ECG, a temperature sensor, a pulse oximeter, microphones to record heart and lung sounds, a heart rate monitor, and a blood pressure sensor. HealthyU is designed for people with heart issues to keep tabs on their health every day and send that information to their doctors remotely. Not only will these devices enable us to take better care of ourselves if we can’t physically go to a doctor’s office, but they will also enhance our awareness of ourselves and our loved ones.
In 2020, we became hyper-aware of germs and how they can easily spread – one of those ways being on digital devices. While disinfecting these surfaces with an alcohol solution can help, many look to taking a different approach to avoid germ-spreading: touchless technology.
While no one technology can win the battle against the virus, many companies are doing their part to promote a cleaner, healthier future. For example, Plott built a doorbell called the Ettie that can take people’s temperature before they’re allowed to enter. Another company, Alarm.com, created a Touchless Video Doorbell to cut down on the transmission of bacteria and viruses that we otherwise often leave on places we touch. Kohler also built a toilet that flushes with the wave of a hand. As we head further into 2021 and beyond, be on the lookout for more voice-activated and touchless devices to help slow the spread of germs and help us live our lives free from worry.
We’ve become more reliant on technology than ever before to stay connected with loved ones from afar, work from home without missing a beat, participate in distance learning, and find new forms of digital entertainment. But with this increase in time spent online comes a greater risk of cyberthreats, and we must stay vigilant when it comes to protecting our online safety. Hackers continue to adapt their techniques to take advantage of users spending more time online, so we must educate and protect ourselves and our devices from emerging threats. This way, we can continue to embrace new technologies, while we live our digital lives free from worry.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post CES 2021: Highlights From the “Cleanest” Show Yet! appeared first on McAfee Blogs.
Today, we celebrate the life and legacy of Dr. Martin Luther King Jr. Dr. King diligently dedicated his life to dismantling systemic racism affecting marginalized groups and leading a peaceful movement to promote equality for all Americans, irrespective of color and creed. He leaves behind a legacy of courage, strength, perseverance, and a life-long dedication to pursuing a fair and just world.
At McAfee, we honor the diverse voices which make up our company and encourage every team member to bring their authentic selves to the workplace. We believe that our collective voice and action can make a difference in creating a more equal and unified world.
On this day, we commemorate MLK by honoring the man behind the message of equality. Members of the McAfee African Heritage Community share their perspectives on the impact that Martin Luther King Jr. has had on their lives and what this day means to them.
Alexus, Software Sales Engineer
When I think about what Martin Luther King Jr. Day means to me, I think of it as a time to reflect and think about the progress we have made as citizens of this country. We have made great strides, but there is much more that needs to be done for equality and justice.
I honor Martin Luther King Jr. by being of service to others around me.
I celebrate Martin Luther King Jr. Day by using my voice to uplift others.
Martin Luther King Jr. inspires me to be a man of excellence and courage.
Denise, People Operations Program ManagerFor me, Martin Luther King Jr. Day is a reminder of how far we’ve come, and how far we still have to go as a society – especially in today’s time of social unrest. Some of Dr. King’s most poignant quotes are still so applicable and impactful today.
For example – “People fail to get along because they fear each other; they fear each other because they don’t know each other; they don’t know each other because they have not communicated with each other.”
I honor Martin Luther King Jr. by doing what I can to have a positive impact on the lives of others.
I celebrate Martin Luther King Jr. Day by looking for areas to give back and serve.
Martin Luther King Jr. inspires me to do better, be better and influence the world around me accordingly.
Kristol, Global Sales Operations ManagerMLK Jr. Day is a reminder of the influence ONE person can have on people, perspectives, and shaping a platform. It means that my voice matters and that I have a right to live my dream—a dream that we continue to fight for today.
I honor Martin Luther King Jr. by never giving up on my dreams.
I celebrate Martin Luther King Jr. Day by freely bringing my authentic self to work, home and the community every day.
Martin Luther King Jr. inspires me to be a courageous, strategic and compassionate leader.
Le Var, Customer Success Manager
MLK Day always drives me to think about Dr. King’s dream and the work of the civil rights movement. I then look for ways I can make an impact in my local community to continue the work of those before me.
I honor Martin Luther King Jr. by passing the baton and sharing his dream to the next generation, molding my children to understand the past, and continuing to push Dr. King’s dream for future decades.
I celebrate Martin Luther King Jr. Day by researching African American history in an effort to broaden my own knowledge and share information I’ve learned with my peers.
Martin Luther King Jr. inspires me to make a positive impact on the community I live in. Much like Dr. King, I am one man who strives to be the dream of my ancestors. Individually, I can move boulders, but collectively, we can move mountains.
Lynne, EVP of Enterprise Global Sales and Marketing and Executive Sponsor
Martin Luther King Jr. Day means a chance to celebrate the legacy of a man who was a pivotal leader of the civil rights movement, hope and healing. Though his life was a short one, his impact was great, and there are so many lessons to learn from the words that MLK Jr. has left with us.
I honor Martin Luther King Jr. by showing up as an ally who’s ready to listen and take action.
I celebrate Martin Luther King Jr. Day by reflecting on the wise lessons shared by Martin Luther King Jr. and making it a point to have conversations about his impact.
Martin Luther King Jr. inspires me to use my voice to encourage conversation, connection and community.
Dr. Martin Luther King Jr.’s Biography
5 of Martin Luther King Jr.’s Most Memorable Speeches
MLK Day Playlist: 10 Songs in Honor of Dr. King
Interested in joining a company that celebrates diverse voices and promotes meaningful change in our world? Explore our career opportunities. Subscribe to job alerts.
The post Honoring Martin Luther King Jr.’s Legacy with McAfee’s African Heritage Community appeared first on McAfee Blogs.
Depending on your life experiences, the phrase (or country song by Eric Church) “two pink lines” may bring up a wide range of powerful emotions. I suspect, like many fathers and expecting fathers, I will never forget the moment I found out my wife was pregnant. You might recall what you were doing, or where you were and maybe even what you were thinking. As a professional ethical hacker, I have been told many times – “You just think a little differently about things.” I sure hope so, since that’s my day job and sure enough this experience wasn’t any different. My brain immediately asked the question, “How am I going to ensure my family is protected from a wide range of cyberthreats?” Having a newborn opens the door to all sorts of new technology and I would be a fool not to take advantage of all devices that makes parenting easier. So how do we do this safely?
The security industry has a well-known concept called the “principle of least privilege. “This simply means that you don’t give a piece of technology more permissions or access than it needs to perform its primary function. This can be applied well beyond just technology that helps parents; however, for me it’s of extra importance when we talk about our kids. One of the parenting classes I took preparing for our newborn suggested we use a baby tracking phone app. This was an excellent idea, since I hate keeping track of anything on paper. So I started looking at a few different apps for my phone and discovered one of them asked for permission to use “location services,” also known as GPS, along with access to my phone contacts. This caused me to pause and ask: Why does an app to track my baby’s feeding schedule need to know where I am? Why does it need to know who my friends are? These are the types of questions parents should consider before just jumping into the hottest new app. For me, I found a different, less popular app which has the same features, just with a little less access.
It’s not always as easy to just “find something else.” In my house, “if momma ain’t happy, nobody is happy.” So, when my wife decided on a specific breast pump that came with Bluetooth and is internet enabled, that’s the one she is going to use. The app backs up all the usage data to a server in the cloud. There are many ways that this can be accomplished securely, and it is not necessary a bad feature, but I didn’t feel this device benefited from being internet connected. Therefore, I simply lowered its privileges by not allowing it internet access in the settings on her phone. The device works perfectly fine, she can show the doctor the data from her phone, yet we have limited our online exposure and footprint just a little more. This simple concept of least privilege can be applied almost everywhere and goes a long way to limiting your exposure to cyber threats.
I think one of the most sought after and used products for new parents is the baby monitor or baby camera. As someone who has spent a fair amount of time hacking cameras (or cameras on wheels) this was a large area of concern for me. Most cameras these days are internet connected and if not, you often lose the ability to view the feed on your phone, which is a huge benefit to parents. So how, as parents, do we navigate this securely? While there is no silver bullet here, there are a few things to consider. For starters, there are still many baby cameras on the market that come with their own independent video screen. They generally use Wi-Fi and are only accessible from home. If this system works for you, use it. It is always more secure to have a video system which is not externally accessible. If you really want to be able to use your phone, consider the below.
Most parents, especially new ones, like to ensure that anyone that watches their children is thoroughly vetted. There are a ton of services out there to do this for babysitters and nannies, however it’s not always as easy for vetting the companies that create the devices we put in our homes. So how do we determine what is safe? My father used to tell me: “It’s how we respond to our mistakes that makes the difference.” When researching a company or device, should you find that the device has been found to have a vulnerability, often the response time and accountability from the vendor can tell you if it’s a company you should be investing in. Some things to look for include:
These answers can often be discovered on a company’s website or in release notes, which are generally attached to an update of a piece of software. Take a minute to read the notes and see if the company is making security updates. You don’t need to understand all the details, just knowing they take security seriously enough to update frequently is important. This can help tip the scales when deciding between devices or apps.
Through my preparation for becoming a new parent, I constantly read in books and was told by professionals, “Remember, you can do this!” Cybersecurity in the context of being a parent is no different. Every situation is different, and it is important to do what works with you and your family. As parents, we shouldn’t be afraid to use all the cool new gadgets that are emerging on the market, but instead educate ourselves on how to limit our risk. Which features do I need, which ones can I do without? Remember always follow a vendor’s recommendations and best practices, and of course remember to breathe!
The post Two Pink Lines appeared first on McAfee Blogs.
A baby can leave their first footprints internet even before they’re born.
The fact is that children start creating an identity online before they even put a little pinky on a device, let alone come home for the first time. That “Hello, world!” moment can come much, much sooner. And it will come from you.
From posting baby’s ultrasound pic to sharing a video of the gender reveal celebration, these are the first digital footprints that your child will make. With your help, of course, because it’s you who’ll snap all those photos, capture all those videos, and share many of them on the internet. Yet even though you’re the one who took them, those digital footprints you’ve created belong to your child.
And that’s something for us to pause and consider during this wonderful (and challenging!) stretch of early parenthood. Just as we look out for our children’s well-being in every other aspect of their little lives, we must look out for their digital well-being too. Babies are entitled to privacy too. And their little digital lives need to be protected as well.
Babies lives are more connected than you might think. Above and beyond the social media posts we make to commemorate all their “firsts,” from first solid food to first steps, there’s digital information that’s associated with your child as well. Things like Social Security Numbers, medical records, and even financial records related to them all exist, all of which need to be protected just like we protect that same digital information as adults.
Likewise, there’s all manner of connected devices like Wi-Fi baby monitors, baby sleep monitors, even smart cribs that sense restlessness in your baby and then rocks and soothes those little cares away. Or how about a smart changing table that tracks the weight of your child over time? You and your baby may make use of those. And because all these things are connected, they have to be protected.
This is the first of two articles that takes a look at this topic, and we’ll start with a look at making good choice about purchasing “smart devices” and connected baby monitors—each pieces of technology that parents should investigate before bringing them into their home or nursery.
As a new parent, or as a parent who’s just added another tyke to the nest, you’ll know just how many products are designed for your baby—and then marketed toward your fears or concerns. Before buying such smart devices, read reviews and speak with your health care provider to get the facts.
For example, you can purchase connected monitors that track metrics like baby’s breathing, heart rate, and blood-oxygen levels while they sleep. While they’re often presented as a means of providing peace of mind, the question to ask is what that biometric information can really do for you. This is where your health care provider can come in, because if you have concerns about Sudden Infant Death Syndrome (SIDS), that’s a much larger conversation. Your provider can discuss the topic with you about and whether such a device is an effective measure for your child.
Another question to ask is what’s done with the biometric data that such devices monitor. Is it kept on your smartphone, or is it stored in the cloud by the device manufacturer? Is that storage secure? Is the data shared with any third parties? Who owns that data? Can you opt in or opt out of sharing it? Can you access and delete it as needed? Your baby’s biometrics are highly personal info and must be protected as such. Without clear-cut answers about how your baby’s data is handled, you should consider giving that device a hard pass.
How do you get those answers? This is another instance where you’ll have to roll up your sleeves and read the privacy policy associated with the device or service in question. And as it is with privacy policies, some are written far more clearly and concisely than others. The information is in there. You may have to dig for it. (Of note, there are instances where parents consented to the use of their data for the purposes of government research, such as this study published by the U.S. National Institutes of Health.)
Related, here’s the advice I share on every connected “smart” device out there, from baby-related items to smart refrigerators: before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some smart device manufacturers are much better at baking security protocols into their devices than others, so investigate their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.
An online search for “hacked baby monitor” will quickly call up several unsettling stories about hackers tuning into Wi-Fi baby monitors—scanning the camera about the room at will and perhaps even speaking directly to the child. Often, this is because the default factory password has not been changed by the parents. And a “default password” may as well be “public password” because lists of default passwords for connected devices are freely available on the internet. In fact, researchers from Ben Gurion University looked at the basic security of off-the-shelf smart devices found that, “It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand.”
The three things you can do to prevent this from happening to your Wi-Fi baby monitor, along with other connected devices around your home, are:
What about “old-style” baby monitors that work on a radio frequency (RF) like a walkie-talkie does? Given that they’re not connected to the internet, there’s less risk involved. That’s because hacking into an RF monitor requires a per person to be in close physical proximity to the device and have access to the same broadcast frequency as your device—a far less likely proposition, yet a risk none the less. Some modern RF baby monitors even encrypt the radio signal, mitigating that much more risk.
Next up, we’ll take a closer look at baby’s privacy online. Yes, that’s a thing! And an important one at that, as taking charge of their privacy right now can protect them from cybercrime and harm as they get older.
Feel free to read on right here.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The Connected Lives of Babies: Protecting First Footprints in the Digital World, Part 1 appeared first on McAfee Blogs.
Picture an infant with a credit card.
In her name. With a $10,000 limit.
Well, it happens. As recent as 2017, it was estimated that more than 1 million children in the U.S. were victims of identity theft. Of them, two-thirds were under the age of seven, and the total losses connected to all this fraud weighed in $2.6 billion dollars.
As I mentioned in part one of our article on the connected lives of babies, babies can make their first digital footprints before they’re even born. What’s more, the moment a child enters this world along with a unique ID like a Social Security Number, they become a tempting target for cybercriminals. The reason is this: babies and very young children are effectively a blank slate, upon which crooks can write their own illicit history of fraud. And it can be years before you or your child find out, long after the damage to their credit has been done.
So, let’s pick up where we left off in part one by taking a close look baby’s privacy and how you can protect it.
There’s rightfully a great deal of conversation out there about the things we can do to protect our identity from theft. What’s talked about less often is protecting children from identity theft. In fact, little ones are high-value targets for cybercriminals is because we typically don’t run credit reports on children. In this way, a crook with the Social Security Number of a child in the U.S. can open all manner of credit and accounts and go undetected for years until that child attempts to rent an apartment or open his or her first credit card.
To protect your family from this kind of identity theft, the major credit reporting agencies suggest the following:
I. Check your child’s credit regularly. If your child indeed has a credit report against their name, there’s a strong chance that their identity has been stolen. You can work directly with the credit reporting agency to begin resolving the issue. If there is theft, file a report with the appropriate law enforcement agency. You’ll want a record of this as you dispute any false records.
II. Freeze your child’s credit. A freeze will prevent access to your child’s report and thus prevent any illicit activity. In the U.S., you’ll need to create a separate freeze with each of the three major credit reporting agencies (Equifax, Experian, and TransUnion). It’s free to do so, yet you’ll have to do a little legwork to prove that you’re indeed the child’s parent or guardian.
III. Secure your documents and keep personal info close to the vest. Along with things like a passport, insurance cards, and birth certificates, store these items in a safe location when you’re not actively using them. That goes extra for Social Security cards. Likewise, doctor’s offices often ask patients for their Social Security Number, which typically helps with their billing. See if they can accept an alternative form of ID, use just the last four digits, or simply forgo it altogether.
Getting your kiddo a website is probably low on your list of priorities, yet it’s a sound move to consider. Here’s why: it carves out a piece of digital real estate that’s theirs and theirs alone.
Whether you opt for a dot-com or one of several hundred other extensions like .net, .us, and .me, a personal URL gives you and your child ownership of yet another piece of their digital identity. No one else can own it as long as you’re paying the fee to maintain it. Think of it as an investment. Down the road, it could be used for a personal email address, a professional portfolio site someday, or just a side project in web design. With internet URLs being a finite resource, it’s wise to see if spending a relatively small fee each a year is worth securing this piece of your child’s identity.
We all have one—that picture from our childhood that we absolutely dread because it’s embarrassing as all get-out. Now contrast that with today’s digital age, where an estimated 95 million photos are posted each day on Instagram alone. We’re chronicling our lives, our friends’ lives, and the lives of our families at an incredible rate—almost without thinking about it. And that opens a host of issues about privacy and just how much we share. Enter the notion of “sharenting,” a form of oversharing that can trample your child’s right to privacy.
For babies, we have to remember that they’re little people who, one day, before you know it, will grow up. How will some of those photos that seemed cute in the moment hold up when baby gets older? Will those photos that you posted prove embarrassing some day? Could they be used to harm their reputation or damage their sense of privacy and trust in you?
With that, let’s remember a couple things when it comes to sharing photos of our children:
• The internet is forever. Work on this basic assumption: once you post it, it’s online for good.
• Babies have a right to privacy too. It’s your job to protect it while they can’t.
So, before you post, run through that one-two mental checklist.
Sharenting can also lead to identity theft. In 2018, Barclay’s financial services estimated that oversharing by parents on social media will amount to more than 7 million cases of identity theft a year by 2030—just shy of a billion dollars U.S. worth of damage. This includes all the tips and cues that crooks can glean from social media posts and geographic metadata that’s captured in photographic files. Things like birthdays, pet names, names of schools, favorite teams, maiden names, and so forth are all fodder for password hacks and targeted phishing attacks. The advice here is to keep your digital lives close to the vest:
I. Set all social media accounts to private. Nothing posted on the internet is 100% private. Even when you post to “friends only,” your content can still get copied and re-shared.
II. This way, the general public can’t see what you’re posting. However, keep in mind that nothing you ever post online is 100% private. Someone who has access to your page could just as easily grab a screenshot of your post and then continue to share it that way.
III. Go into your phone’s settings and disable location information for photos. Specifics will depend on the brand of your phone, but you should have an option via the phone’s “location services” settings or within the camera app itself. Doing so will prevent the geographic location, time, date, and even device type from appearing in the metadata of your photos.
IV. Above all, think twice about posting in the first place. “Do I really need to share this?” is the right question to ask, particularly if it can damage your child’s privacy or be used by a scammer in some form, whether today or down the road.
Like new parents don’t have enough to think about already! However, thinking about these things now at the earliest stages will get you and your growing family off on a strong and secure start, one that you can build on for years to come—right up to the day when they ask for their first smartphone. But you have a while before that conversation crops up, so enjoy!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The Connected Lives of Babies: Protecting First Footprints in the Digital World, Part Two appeared first on McAfee Blogs.
FreshRSS 