
How runZero helps with red team security

It’s cyber security awareness month, which is why we’re doing a series of blogs to help you identify ways to use runZero to boost your security. We’re kicking off the series with ways to integrate runZero into your red team best practices. Red teams test the effectiveness of an organization’s security controls, including those in place to defend networks, endpoint hardware and software, as well as physical locations. Red teaming focuses on the concept that an organization doesn’t know how secure they are until they’re attacked. Therefore, red teams are critical in helping organizations uncover their weaknesses before a real world attacker does, empowering the organization to be proactive instead of reactive. Let’s dig into three important red team security practices, explain their importance, and share how runZero can be best applied to each practice.

Best practice #1: Perform routine assessments

A red team assessment can include more than just penetration testing; it can also include social engineering exercises, physical penetration tests, and threat modeling. Tactics, techniques, and procedures (TTPs) that emulate real-world cyber attacks are critical red teaming elements. Routine assessments help keep the company prepared and can expose new vulnerabilities in the software being used or among the employees who access the data. Of course, these routines should always include a follow-up on the results, but it is important to keep the initial assessment under wraps from the majority of the organization (except perhaps the security team, which should be decided ahead of time when negotiating the scope of the assessment) to ensure an authentic representation of the existing security. runZero delivers network visibility that can expose links between assets, helping you determine the severity of risk based on the results. For example, if someone with access to customer data succumbs to a phishing attack, you can identify the systems in the network an attacker could have reached from that account. runZero also offers vulnerability integrations, which enrich your asset inventory with your vulnerability scan results. With a centralized view of your assets and their vulnerability results, you can identify high-risk assets and assess the risk to your network. This adds value to the security assessment results and may be a good way to encourage more thorough security training throughout the company.

Best practice #2: Record everything

runZero provides more accurate asset information, so you can track and identify the assets connected to the network. This makes security comparisons easier, as well as the overall identification of which assets are accessible. As your red team conducts security assessments and penetration tests, it should record everything, from the methods used to the assets that were accessed. This allows the team to repeat the process routinely, either to validate remediation or mitigation efforts or to look for new weaknesses. Clear documentation also allows for better analysis, since similar assets can be compared for the same security risks. Knowing which assets can be compromised is the starting point for identifying many other issues and risks on your network, and identifying the users on those assets makes it easier to track:
  • Remote access services
  • Software versions with unique vulnerabilities
  • Individual assets that are linked to sensitive data
Tracking the items listed above makes stronger security measures easier to implement efficiently.
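The two practices above (an inventory enriched with vulnerability results, and tracking remote access services, vulnerable software versions, and assets linked to sensitive data) can be turned into a simple ranking. This is an added example, not runZero's own code or API; the asset records, the vulnerability findings, the port-to-service mapping, and the scoring weights are all constructed assumptions.

```python
"""Rank inventory assets by the risk signals the post tracks.
Added example; all data below is constructed, not from runZero."""
from dataclasses import dataclass, field

# Assumption: ports we treat as remote access services.
REMOTE_ACCESS_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}

# Constructed vulnerability scan results keyed by (product, version),
# value is a severity score (CVSS-like, invented for the example).
VULN_RESULTS = {
    ("openssh", "7.4"): 7.5,
    ("apache", "2.4.49"): 9.8,
}


@dataclass
class Asset:
    name: str
    ip: str
    os: str
    open_ports: list
    sensitive_data: bool            # tagged by the team as linked to sensitive data
    software: dict = field(default_factory=dict)  # product -> version


def risk_score(asset, vulns=VULN_RESULTS):
    """Return (score, reasons); a higher score means investigate first."""
    score, reasons = 0.0, []
    for product, version in asset.software.items():
        sev = vulns.get((product, version))
        if sev is not None:            # software version with a known finding
            score += sev
            reasons.append(f"{product} {version}: finding with severity {sev}")
    remote = [REMOTE_ACCESS_PORTS[p] for p in asset.open_ports if p in REMOTE_ACCESS_PORTS]
    if remote:                         # remote access service exposed (+2 per service)
        score += 2.0 * len(remote)
        reasons.append("remote access exposed: " + ", ".join(remote))
    if asset.sensitive_data:           # flat bonus for sensitive-data linkage
        score += 3.0
        reasons.append("linked to sensitive data")
    return round(score, 1), reasons


def prioritize(assets):
    """Return [(name, score), ...] sorted from highest to lowest risk."""
    scored = [(a.name, risk_score(a)[0]) for a in assets]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample inventory.
SAMPLE_ASSETS = [
    Asset("db-01", "10.0.0.5", "Linux", [22, 5432], True, {"openssh": "7.4"}),
    Asset("web-01", "10.0.0.10", "Linux", [80, 443], False, {"apache": "2.4.49"}),
    Asset("kiosk-01", "10.0.0.20", "Windows", [3389], False, {}),
]
```

Running `prioritize(SAMPLE_ASSETS)` puts the sensitive-data host with an exposed SSH finding first, ahead of the web server with the higher single severity; the `reasons` list explains each rank so it can be recorded alongside the assessment.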

Best practice #3: Choose the best tools

One of the first things that red teams focus on is reconnaissance. During this initial phase, it is critical to gather as much information as possible about target networks and systems. Discovery usually entails enumerating domains owned by the organization and scanning internal networks to collect information about the devices connected to them. Red teams generally perform both passive and active reconnaissance, using a wide range of tools to support their efforts. With runZero, you can scan public-facing and internal assets to gather details about them, such as their OS, open services, installed software, and SSH versions. Once the red team has enough information about the target systems, it can use this data to find misconfigurations, identify potential vulnerabilities, and better plan its attack methods. As part of regular penetration tests, the red team is responsible for finding creative ways to exploit vulnerabilities. This means being aware of current system and application vulnerabilities and looking for new vulnerabilities in company software using unique methods to extract data. While this data is ultimately taken back with the intent of strengthening security against such exploitation, the practice of being able to think like an attacker is valuable to red team practices. Red team exploitation exercises are meant to bring weaknesses in data and network security to light and can result in preventative measures. Exploitation requires choosing the right tools. For the exercise to be as authentic as possible, the tools used often need to balance effectiveness with being undisruptive. Red team methods should work safely with fragile systems, with the goal of not raising any alarms or disrupting workflow.

Stay tuned for more

This is the first post in the runZero cyber security awareness month blog series. In this post, we covered the best practices of routine assessments and detailed recording. We also went over the importance of vulnerability exploitation exercises and how runZero can be applied to help in your red team endeavors.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Not So Fast: Analyzing the FastCompany Hack

When FastCompany’s website was hacked late Tuesday night, it sent shockwaves through the media world, underscoring the importance of routine cybersecurity inspections for media companies. Now, in the wake of the prominent hack, media companies are scrambling to secure their content management systems.

So, what happened and how?

Well, the hacker (who went by the name “postpixel”) managed to infiltrate FastCompany’s content management system (CMS) and post stories that looked like they were from FC’s editorial team. They also hijacked FastCompany’s Apple News feed (a first), broadcasting obscene push notifications replete with racial slurs and, uh, an “invitation for a particular sexual act,” according to The Verge.

In a statement, FastCompany responded with the following:

“The messages are vile and are not in line with the content and ethos of FastCompany. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved.”

As of this writing, FastCompany.com was still offline.

Source: FastCompany

In a warning of sorts, the hacker also left a message to FastCompany’s readers, detailing their execution of the hack while criticizing FC’s feeble attempts at security remediation:

Source: FastCompany via The Verge

According to “postpixel,” they were able to gain access to FastCompany’s systems by exploiting an insecure password shared by an FC site administrator. They also claimed to have traded FC’s data in a forum for black-hat hackers, including sharing records on FastCompany employees, and even sharing unpublished FastCompany articles.

This may be headline news today, but this is just the latest hack in a string of cyberattacks on media companies. In recent months, both The New York Times and The Wall Street Journal have reported that their systems had been compromised by hackers. You can bet that there will soon be a new headline to replace FastCompany.

The bottom line: These incidents serve as a reminder that media companies need to take steps to secure their data and protect their employees.

Most of all…

Trust No One.

In the wake of high-profile hacks at major media companies like Fast Company, it’s clear that traditional approaches to cybersecurity are no longer enough. One of the most important things companies can do to protect themselves is to implement stronger internal security models.

The shocking conclusion tech and media companies are just now coming to terms with is that people are the weakest links in security. As a result, they’re taking a firm “trust no one” stance.

The security buzzword for this is “Zero Trust,” which simply assumes that a company can be breached no matter what, including by its own unwitting users. The unnamed FastCompany “administrator” who shared passwords inside the firm is a case in point.

With zero trust, every user and every device is treated as a potential threat. This means that all traffic must be authenticated and authorized, regardless of where it’s coming from. What’s more, a core component in a proper zero-trust environment is behavioral analysis. In a nutshell, your software should monitor network behavior and flag suspicious activity. This makes it much harder for hackers to gain access to a company’s network, because they would need to have valid credentials each step of the way.

Zero trust also includes comprehensive vulnerability management. This means regularly scanning for vulnerabilities and patching them as soon as possible. Behind the scenes, I’d wager FastCompany is arguing over how to best implement new security measures and protect itself from future attacks.

But creating a new security architecture is no easy task, especially for a major media company. For FastCompany, it will likely involve completely gutting its current system and renovating it from top to bottom. That will require education and buy-in from FastCompany’s senior leadership, middle management, and even its freelancers.

We have some advice, if you’re listening, FastCompany…

So You’ve Been Pwned. What to Do Next.

Every journey begins with a single step. For FastCompany, one of the most important things it (and other media companies) can do is to regularly inspect their cybersecurity protocols and make sure they are up to date. This includes ensuring that passwords are strong and, ahem, not openly shared and/or reused across multiple accounts.

While it may seem like I’m picking on FastCompany, it’s just one example – this type of attack could happen to any media outlet. In order to protect themselves, media companies need to make sure they have a robust vulnerability management program in place.

Vulnerability management is all about identifying, prioritizing, and fixing security flaws within an organization’s systems. If a media company doesn’t have a good handle on its vulnerabilities, it’s leaving itself wide open to attack.

There are a few key things that all media companies should do to shore up their defenses:

  • Conduct regular security audits: By regularly assessing their systems for vulnerabilities, media companies can stay ahead of the curve and fix any problems before they’re exploited.
  • Keep software up to date: Relying on outdated software makes it easy for hackers to gain access to a company’s systems. Make sure all software is up to date. This way, media companies can close off this avenue of attack.
  • Educate employees: Hackers often exploit human error through social engineering to gain access to systems. By educating employees on security best practices, media companies can make it much harder for hackers to succeed, even if they’ve already breached their walls.
  • Implement strong security controls: FastCompany’s hack highlights the importance of having strong security controls in place. By implementing measures like two-factor authentication (2FA), media companies can make it much more difficult for hackers to gain access to their systems.
  • Plan for the worst: No matter how many safeguards a media company puts in place, there’s always a chance that they could be hacked. That’s why it’s important to have a plan in place for how to handle a breach if one does occur.

In today’s world, it’s not enough to simply have strong security measures in place. Organizations also need to be constantly monitoring their systems for vulnerabilities that could be exploited by hackers.

In the wake of the FastCompany hack, it’s also important for media companies to consider how they share information internally. In many cases, it may be necessary to restrict access to certain sensitive data or conversations to a smaller group of people.

By taking proactive measures to address vulnerabilities, media companies like FastCompany can dramatically reduce their chances of being hacked and safeguard their content from being hijacked by malicious actors.

#vicarius_blog #hacked #fast_company #cybersecurity


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.
