Resolution Centre

What your issues mean, and the resolution for each of them.

Breached Emails

Breached emails mean that a company you have previously logged on to has had data, including your email address and often your password, taken from its database.

Certificates

Certificates identify a server to the machines that connect to it and supply the public key used to set up an encrypted connection between them.

Port Vulnerabilities

A port is a numbered entry point on your server through which a particular service (a website, mail, file transfer) accepts connections from other computers.

Server Vulnerabilities

A server vulnerability is an exposed software defect that anyone wanting to attack your system can use.

Transport Layer Security (TLS)

Transport Layer Security (TLS) is the protocol that encrypts and authenticates the traffic between you and your clients.

Breached Emails

Breached emails mean that a company you have previously logged on to, for example LinkedIn or Fitbit, has had data taken from its database. The breached emails are then available on the dark web for people to use to gain access to your systems.

A breached email record is often not just an email address but also the password and other information about the individual. Breached emails can compromise your business because employees often reuse the same password in multiple places; if cybercriminals have obtained one password, they may be able to log in to, or gain authorisation for, a range of your business systems with it.

The implications of a breached email:

  1.  It personally identifies you;
  2.  It may give a cybercriminal the information needed to gain access to your organisation. An employee's seniority does not deter cybercriminals: whatever the level, attackers can use the stolen credentials to their advantage, for example by sending emails from that account to internal teams to work their way towards senior members of the organisation.

Prevention & Remediation Action Plan

  1.  Use the AEGIS Early Warning System for prevention methods;
  2.  Have a work policy that covers the use of work emails and states that they are not to be used for any purpose other than work-related activity;
  3.  Do not allow employees to use their work email addresses to sign up for non-work-related websites;
  4.  In case of a breach, have a process to ensure the passwords are changed immediately. Do not wait, as any delay gives the hackers a window of opportunity to get into your systems through a legitimate login.

Certificates

Certificates identify your server to the machines that connect to it and supply the public key that is used to set up an encrypted connection. For instance, when somebody visits your webpage, the certificate lets their browser verify that it has reached your server and not an impostor, and the connection is then encrypted so that nobody can read the data as it crosses the internet. This is now standard practice; such certificates are still commonly referred to as SSL certificates, after the protocol that preceded TLS.

Cybercriminals can use expired or weak certificates to reach your organisation's sensitive information. The likely attacks are to intercept the communication between a legitimate user and your organisation, or to take that communication over for themselves.

Example 1: Suppose you run a business with a login facility through which clients get special access to view information. An expired or weak certificate conditions users to click through browser warnings, so an attacker who can intercept the connection between a client and your server can present a certificate of their own, capture the client's login and pretend to be that legitimate user. Once in, they can view sensitive information and use further methods to infiltrate your systems. This is one of the ways attackers gather information and leak it to the internet, as we have seen with some large high-profile businesses.

Example 2: Your marketing team asks your IT team to quickly build a website for an upcoming campaign. Due diligence wasn't carried out because of the time-sensitive nature of the task, so a security certificate wasn't installed, leaving your organisation vulnerable.

Prevention & Remediation Action Plan

  1.  Use AEGIS Early Warning System to check for any certificates that may be below grade. Your certificates should be a C grade or above;
  2.  Do not allow marketing-type servers to use untrusted certificates. They are often built under time pressure, but an untrusted certificate leaves the server open to attack, and if that server is connected to the rest of your corporate network, your entire corporate network becomes vulnerable;
  3.  Keep a register of all of your certificates and their expiry dates, with a process to replace each one 3-6 months before it expires.

Port Vulnerabilities

A port is a numbered entry point on your server through which a particular service (a website, mail, file transfer) accepts connections from other computers.

Example 1: A client accessing your webpage does so over a port; the common ones are port 80 (HTTP) and port 443 (HTTPS), and these ports exist to allow traffic in both directions. However, every open port is an entry point into your server. Cybercriminals know this and look for open ports to gain entry, which could let attacks such as ransomware get into your system and attack your machines.

Example 2: Another attack that can arrive via an open port is a DDoS (distributed denial of service) attack, which can stop your systems from functioning by overwhelming the server. An exposed service on an open port can also be exploited to install software that earns the attacker money, such as Bitcoin mining, sending spam emails or using your machine to attack another machine.

Example 3: Open ports can also indicate an internal compromise. Has an employee clicked on a phishing email and downloaded malware by accident? Could that lead to more malware being downloaded and data being exfiltrated from your system? In this type of attack the malware typically misuses an existing port or opens a new one to send that information out.

Prevention & Remediation Action Plan

  1.  Use the AEGIS Early Warning System to monitor your ports continually and look for any new or suspicious ports that are currently running on your system;
  2.  Have your IT team investigate all of those ports and have them determine if they are needed for legitimate business reasons;
  3.  Have your IT team check that the ports open for legitimate business reasons are secured appropriately. If you still use FTP, move it to SFTP (or FTPS) and require a username plus key- or certificate-based authentication; a password on its own is not good enough;
  4.  Start logging your servers and look for anonymous or unexpected connections on those ports.
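As an added example, not taken from the original page or from the AEGIS product, the following Python script applies steps 1 to 4 above to a single Linux server: it parses `ss -tlnp` output, compares every listening socket against a per-role baseline of ports the IT team has approved, and flags anything not in the baseline (HIGH if it is reachable from outside the host, MEDIUM if it only listens on loopback) and any approved port that is now owned by a different process than expected. The sample `ss` output and the BASELINE allowlist are constructed for the example; the netcat listener on port 4444 stands in for the kind of socket an intruder leaves behind.

```python
import re
import subprocess
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output on a small web server (not real data).
SAMPLE_SS = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*      users:(("sshd",pid=812,fd=3))
LISTEN  0       511            0.0.0.0:80           0.0.0.0:*      users:(("nginx",pid=1203,fd=6))
LISTEN  0       511            0.0.0.0:443          0.0.0.0:*      users:(("nginx",pid=1203,fd=7))
LISTEN  0       128          127.0.0.1:3306         0.0.0.0:*      users:(("mysqld",pid=950,fd=21))
LISTEN  0       5              0.0.0.0:4444         0.0.0.0:*      users:(("nc",pid=31337,fd=3))
LISTEN  0       128               [::]:22              [::]:*      users:(("sshd",pid=812,fd=4))
"""

# Hypothetical baseline for this server role: the ports it is allowed to expose
# and the process that should own each one.  Maintain one of these per role.
BASELINE = {22: "sshd", 80: "nginx", 443: "nginx"}

WILDCARD_ADDRS = {"0.0.0.0", "[::]", "*"}
LOOPBACK_PREFIXES = ("127.", "[::1]")

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str
    pid: int


def parse_ss(text):
    """Turn `ss -tlnp` output into Listener records; header and non-LISTEN lines are skipped."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")  # works for "[::]:22" as well as "0.0.0.0:22"
        match = PROC_RE.search(line)
        process, pid = (match.group(1), int(match.group(2))) if match else ("unknown", 0)
        listeners.append(Listener(addr, int(port), process, pid))
    return listeners


def is_exposed(addr):
    """True if the socket is reachable from outside the host (wildcard or non-loopback bind)."""
    return addr in WILDCARD_ADDRS or not addr.startswith(LOOPBACK_PREFIXES)


def audit(listeners, baseline):
    """Return (severity, port, message) for each listener that is not in the baseline,
    or whose port is in the baseline but is owned by a different process."""
    findings = []
    for lst in listeners:
        expected = baseline.get(lst.port)
        where = f"{lst.addr}:{lst.port}"
        if expected is None:
            severity = "HIGH" if is_exposed(lst.addr) else "MEDIUM"
            findings.append((severity, lst.port,
                             f"unexpected listener {lst.process} (pid {lst.pid}) on {where}"))
        elif expected != lst.process:
            findings.append(("HIGH", lst.port,
                             f"{where} should be {expected} but is served by {lst.process} (pid {lst.pid})"))
    return findings


def current_ss_output():
    """Live `ss -tlnp` output on Linux; falls back to the constructed sample elsewhere."""
    try:
        return subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_SS


if __name__ == "__main__":
    for severity, port, message in audit(parse_ss(current_ss_output()), BASELINE):
        print(f"[{severity}] port {port}: {message}")
```

Run it as root (so that `ss` can report the owning process of every socket) from a scheduled job, and treat any HIGH finding as an incident until the IT team has either added the port to the baseline for a documented business reason or closed it. On the constructed sample it reports the loopback-only MySQL socket as MEDIUM and the netcat listener on 0.0.0.0:4444 as HIGH.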

Server Vulnerabilities

A server vulnerability is an exposed software defect that anyone wanting to attack your system can use. The weakness can be exploited by an attacker to cross a privilege boundary, and the term generally refers to software vulnerabilities in a computer system, in this case a server. Suppose you have a mail server used for sending and receiving email, or a web server that serves your webpages. If either has vulnerabilities, they can be the access point through which cybercriminals attack that system or gain deeper access into your network.

The two main groups of attackers, and those seen as the largest threats, are:

  •  Cybercriminals, who exploit a software defect to get onto your system and then cause damage or hold you to ransom until you pay a fee.
  •  Unskilled individuals who have come across a defect and want to test their skills by gaining access to your machines. This makes them better hackers but is not necessarily driven by money. These people are more likely to cause irreparable damage and leave your system inoperable just for the sake of it.

Exploiting server vulnerabilities could result in:

  •  The loss of your website;
  •  The loss of your emails;
  •  Or a complete takeover of your system, which is then used for the attacker's own purposes, such as attacking other computer systems. This can result in your server being blacklisted.

Allowing server vulnerabilities to persist can significantly damage your company brand and may also stop you from being able to transact.

Prevention & Remediation Action Plan

There are a number of steps to secure your system without having to spend a fortune:

  1.  Use AEGIS to monitor your infrastructure continually and discover servers and other devices exposed to the internet that you haven't seen before;
  2.  Use that information to see how many of these servers have known vulnerabilities;
  3.  Have your IT staff put a process in place that regularly applies security patches and updates to your systems and to the components they run on. Encourage them to review AEGIS-EW daily to ensure no vulnerability affecting your systems has been discovered overnight.

Transport Layer Security (TLS)

Transport Layer Security (TLS) is used to perform another level of encryption between the client accessing your server and your server’s interaction with that client.

Example: Mail servers use encrypted TLS connections to carry mail from your machine to a mailbox on another machine. Having an appropriate level of security on these TLS connections is important to prevent attacks on your email while it is in transit.

An attacker can take advantage of weak encryption on your transport layer: if the encryption is weak, the information travelling between your server and your clients can be intercepted. This kind of attack is much harder to carry out, but it is still possible and should be mitigated. Furthermore, modern browsers now warn users when a site's TLS configuration is poor, which in turn can damage your brand and reputation.

Prevention & Remediation Action Plan

  1.  Use the AEGIS Early Warning System to alert you to out-of-date TLS;
  2.  The current minimum is TLS 1.2. Ensure your IT team has a process in place so that every existing server meets that minimum and every new server will too. A cybercriminal sees a poorly configured server as an opportunity to look for other vulnerabilities in your system.
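As an added example that serves both the certificate action plan above (the register and its renewal lead time) and this TLS action plan, the following Python script uses only the standard library to audit one host per run. It first connects with full chain and hostname verification and classifies the certificate's expiry date against a renewal threshold, then offers each TLS version on its own to see which ones the server still accepts and reports any that fall below the TLS 1.2 minimum. This is not code from the page or from AEGIS; the 90-day renewal threshold (the short end of the page's 3-6 month window), the function names and the script file name are assumptions for the example.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

MIN_VERSION = ssl.TLSVersion.TLSv1_2
RENEW_BEFORE_DAYS = 90  # assumed threshold: the short end of the 3-6 month renewal window


def assess_expiry(not_after, now=None, renew_before_days=RENEW_BEFORE_DAYS):
    """Classify a certificate's notAfter string (the format getpeercert() returns,
    e.g. 'Jun 12 12:00:00 2026 GMT') as OK, RENEW or EXPIRED, with the days remaining."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        return "EXPIRED", days_left
    if days_left <= renew_before_days:
        return "RENEW", days_left
    return "OK", days_left


def check_certificate(host, port=443, timeout=5.0):
    """Connect with chain and hostname verification against the system trust store and
    report the leaf certificate's expiry status.  An expired, self-signed or mismatched
    certificate fails verification and comes back as UNTRUSTED with OpenSSL's reason."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                status, days = assess_expiry(cert["notAfter"])
                issuer = dict(rdn[0] for rdn in cert["issuer"]).get("organizationName", "?")
                return {"status": status, "days_left": days, "issuer": issuer,
                        "negotiated": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        return {"status": "UNTRUSTED", "reason": exc.verify_message}


def probe_tls_versions(host, port=443, timeout=5.0):
    """Offer each TLS version on its own and record which ones the server accepts."""
    accepted = {}
    for version in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                    ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # version probe only; trust is checked in check_certificate
        try:
            ctx.set_ciphers("ALL:@SECLEVEL=0")  # otherwise OpenSSL refuses to offer TLS 1.0/1.1 at all
            ctx.minimum_version = version
            ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    accepted[version.name] = True
        except (ssl.SSLError, OSError, ValueError):
            accepted[version.name] = False
    return accepted


def tls_findings(accepted, min_version=MIN_VERSION):
    """Turn a probe result ({'TLSv1': bool, ...}) into findings against the minimum version."""
    findings = []
    for name, ok in accepted.items():
        if ok and ssl.TLSVersion[name] < min_version:
            findings.append(f"{name} accepted: below the TLS 1.2 minimum")
    if not any(ok for name, ok in accepted.items() if ssl.TLSVersion[name] >= min_version):
        findings.append("no TLS version at or above the minimum accepted")
    return findings


if __name__ == "__main__":
    for host in sys.argv[1:]:
        print(host, check_certificate(host))
        accepted = probe_tls_versions(host)
        print(host, accepted, tls_findings(accepted) or ["TLS configuration meets the minimum"])
```

Run it as, for instance, `python3 tls_audit.py mail.example.com www.example.com`, feeding it every host in the certificate register on a schedule, and act on RENEW, EXPIRED and UNTRUSTED results and on any version finding. The version probe deliberately lowers OpenSSL's security level so that legacy versions can be offered; the verifying connection in check_certificate does not, so the two results are independent.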