By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is a Password Spraying Attack?

In a password spraying attack, adversaries try to guess users’ passwords by using a list of common and predictable passwords. Password spraying attacks are similar to brute-force attacks, in which threat actors predict users’ credentials to gain unauthorized access to targeted systems by the trial-and-error method.

Password spraying attacks usually enable hackers to:

• Obtain access to users’ private data
• Penetrate email and other online accounts
• Initial access and privilege escalation
• Evasion of security detection

Hackers Obtain Credentials in Password Spraying Attacks by:

• Researching on targets’ social media profiles online
• Leveraging social engineering scams to obtain sensitive information
• Trying common passwords like – qwerty, password, Password123, 123456, etc., to break into accounts
• Exploiting compromised accounts to obtain email addresses
• Moving laterally in the compromised network to affect more accounts and steal credentials

Also Read: These are the Most Common Passwords of 2021

How to Prevent Password Spraying Attacks

Organizations can boost their overall security posture by following basic password management measures. These include:

• Enabling two-factor or multi-factor authentication procedures
• Using strong passwords that include numbers, symbols, and both uppercase and lowercase letters
• Changing all default passwords
• Keeping well-documented procedures for password resets
• Implementing a Zero Trust security model to detect anonymous intrusions
• Restricting access to authentication URLs
• Enforce the use of strong passwords
• Enabling CAPTCHA feature for authentication
• Enabling account lockout option, after multiple wrong login attempts
• Maintaining security awareness training to employees regularly

Also Read: 6 Practices to Strengthen Your Password Hygiene

Weak Passwords Make Hacker’s Job Easy

Cybercriminals often exploit leaked/stolen passwords from data breaches to break into user accounts. Pet names, favorite movies, or hobbies are used as passwords, exposing user accounts to password spraying and account takeover attacks. According to a survey, 63% of employees in the U.S. have reused their passwords on work accounts and devices. It was found that employees are 6.5 times more likely to reuse their passwords.

What Experts Say… 

Commenting on the importance of passwords, Ritesh Chopra, Director Sales and Field Marketing, India & SAARC Countries, NortonLifeLock, said, “The remote working trend and the heightened dependence on digital platforms brought about by the ongoing pandemic have contributed to an increase in cyberattacks, with cybercrime rising through unsecured networks, websites, and emails. We often save financial data, personally identifiable information (PII), contacts, credit and debit card information on our personal devices.

“All this data is at risk online. One of the ways we can secure it is by using password managers that allow us to keep multiple and more complicated passwords. It is good that consumers today recognize the need for cyber safety and that it can start with something as simple as having stronger passwords,” Chopra added.

A robust password management program and adherence to cybersecurity practices are the best defense against evolving hacker intrusions.

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How to Prevent Password Spraying Attacks appeared first on CISO MAG | Cyber Security Magazine.

In a joint report, the agencies stated the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, leveraged a Kubernetes cluster to perform a set of brute-force attacks against hundreds of private and public entities across the globe from mid-2019 to early 2021. APT28 is reportedly attributed GTsSS and has multiple identities, including Fancy Bear, Sednit, Tsar Team and STRONTIUM.

Exploiting Microsoft Services

The threat actors launched brute-force attempts against organizations using Microsoft Office 365 cloud services. In a brute-force attack, attackers try to guess usernames and passwords to gain unauthorized access to a targeted source by the trial-and-error method. The attack allows hackers to obtain access to users’ private data, including email account credentials, which actors use for multiple purposes such as initial access, persistence, privilege escalation, and defense evasion.

APT28 threat actors reportedly exploited publicly known vulnerabilities – CVE 2020-0688 and CVE 2020-17144 – in Microsoft Exchange servers for remote code execution and to get privileged access to targeted networks. To hide their criminal activities, they used the TOR platform and VPN services like IPVanish, CactusVPN, WorldVPN, NordVPN, ProtonVPN, and Surfshark.

Sectors Targeted

• Government and Military services
• Political and party organizations
• Defense contractors
• Energy companies
• Logistics companies
• Think tanks
• Higher education institutions
• Law firms
• Media firms

“This campaign has already targeted hundreds of U.S. and foreign organizations worldwide, including U.S. government and Department of Defense entities. While the sum of the targeting is global in nature, the capability has predominantly focused on entities in the U.S. and Europe,” the report said. 

Mitigating Brute-force Attacks

Security admins can boost the security posture of their organization by following certain basic measures. These include:

• Adopting two-factor or multi-factor authentication
• Using strong passwords that include numbers, symbols, and both uppercase and lowercase letters
• Changing all default credentials
• Implementing a Zero Trust security model to detect anonymous intrusions
• Restricting access to authentication URLs
• Enabling CAPTCHA feature for authentication
• Enabling account lockout option, after multiple wrong login attempts

The post Russia-based APT28 Linked to Mass Brute-force Attacks Against Cloud Networks appeared first on CISO MAG | Cyber Security Magazine.

By Pooja Tikekar, Sub Editor, CISO MAG

A CoWin Decoy?

India has been aggressive with its vaccination drive since its launch in January 2021, for health care and frontline workers first in line. The second phase of the vaccination program for the public kickstarted on March 1, 2021. The two vaccines being administered include “Covishield” from the Serum Institute of India and “Covaxin” from Bharat Biotech. Technology plays a critical role in planning, deploying, and monitoring vaccination programs. Hence, citizens are urged to register via Aarogya Setu or on the CoWIN website. However, hackers are testing the country’s digital architecture, and allegedly impersonating the legitimate CoWIN website to coax citizens into registering on the fake portal and exfiltrate their personal information.

RDP Attacks Skyrocket

Remote work continues to top the business continuity operations in India. According to a cybersecurity report from Kaspersky, India witnessed 9.04 million brute-force attacks against remote desktop protocol (RDP) in February 2021, compared to 1.3 million in February 2020 and to 3.3 million in March 2020. Working in decentralized environments has become the new normal and brute-forcing RDPs, the most common technique for cybercriminals to gain access to Windows systems and execute malware.

“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” said Dmitry Galov, security expert at Kaspersky. “That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access.”

The New-age Oil Leaks Copiously

The data breach landscape in India, pre-COVID, was simple. Adversaries launched ransomware attacks by encrypting the data on vulnerable systems and demanding ransom in exchange for a decryption key. Cybercriminals were complacent in inventing new attack vectors. But as the adage goes, change is the only constant. Today, ransomware groups are re-inventing their modus operandi to not just attack the data or “the new-age oil,” but the brand image of a business. With improved infrastructure, India is opening its doors to global market players. Threat actors are leveraging this opportunity to attack the brand image of a business/enterprise by dropping malware payloads on the targeted system and exporting data, in turn damaging intellectual property and national security.

The recent MobiKwik data leak exposed the data of 3.5 million users, with 6TB of KYC details and 350 GB of compressed MySQL dump. To add to the list, the personal information of 533 million Facebook users from 106 countries was leaked for free on an underground hacking forum – with 6.1 million users from India alone. And if this was not enough, India’s second-largest stockbroker, Upstox, was reportedly the latest victim of a breach, allegedly leaking data of 2.5 million users.

Souring India-China Relations

Ever since the pandemic broke out, India’s relationship with China turned sour. This was evident in the Mumbai power outage in October 2020, which crippled the financial capital with chaos. An investigation from Maharashtra cyber department revealed a malware attack with unaccounted data transfer from a foreign server to the Maharashtra State Electricity Board (MSEB) server. However, evidence from Recorded Future underlined the geopolitical tensions and border clashes between the two Asian neighbors. It claimed that Chinese-state sponsored group “RedEcho” targeted India’s power grid. However, it did not stop here. CERT-In averted a hacking attempt on Telangana state power utilities, TS Transco and TS Genco, by a Chinese cybercriminal hacking group.

In the past, the Indian government alleged Chinese threat actors for attacks on the National Informatics Centre (NIC), the National Security Council (NSC), and the Ministry of External Affairs (MEA). The transformative role of technology impacted Indian cyberspace and the information sector. Another report stated that India was named one of the most cyber-targeted countries globally in 2019, with over 50,000 cyberattacks from China alone. Whereas, the IBM Security report titled “2021 X-Force Threat Intelligence Index,” revealed that India was the second most cyberattacked country in the APAC.

Chief of Defense Staff, General Bipin Rawat says…

Where do we go from here?

Apart from vaccine disruptions, RDP attacks, and foreign intrusion, team CISO MAG continues to observe common attack trends such as phishing and business email compromise directed towards Indian governments and enterprises. Armies in countries like the U.S. have a cybersecurity unit (U.S. Cyber Command) that is responsible for countering cyberwarfare. India has cyber cells attached to its state police forces, and in a similar vein, the Indian government needs to seriously consider a cyberwarfare unit within the armed forces and scale up its cyber maturity.

Cyberwarfare is here to stay threat actors are eyeing every chance to sabotage the country’s defense mechanism. Out of the many attempts made by security agencies, India’s agility in incident response has been inadequate. And with the soaring second COVID-19 wave, it would be interesting to watch how India combats the vicious nature of existing and new cyberthreats.

What are your thoughts on this? Write to us at editorial@cisomag.com

About the Author

Pooja Tikekar is the Sub Editor at CISO MAG, primarily responsible for quality control. She also presents C-suite interviews and writes news features on cybersecurity trends.

More from the author.

The post COVID-19 and the Current Cyberthreat Landscape in India appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

There might be different attack vectors for hackers, but the goal is only one – target victims’ digital assets.

What is an attack vector?   

An attack vector is any method or path used by an attacker to gain unauthorized access to a victim’s network system, break into users’ devices, or exploit known vulnerabilities. Attack vectors enable cybercriminals to meet their goal of successfully launching cyberattacks.

Categories of an Attack Vector

Usually, the attack vectors leveraged by cybercriminals fall under two categories: Active attacks and Passive attacks.

In an Active attack vector, attackers try to obtain unauthorized access to a network system by disrupting its operations. Exploiting unpatched vulnerabilities, email spoofing, malware, and ransomware attacks come under Active attack vectors.

In a Passive attack vector, attackers aim to gain access to a targeted system without affecting its resources. Spear-phishing, URL hijacking, and other social engineering-based attacks come under Passive attacks.

Common Types of Attack Vectors

Threat actors utilize both active and passive attack vectors to target their victims, with the end goal of exploiting targeted devices or pilfer sensitive information. While there are several attacks vectors that malicious actors leverage, the most common attack vectors include:

1. Brute-Force Attack

A brute force attack is a credentials-cracking technique in which attackers try to guess usernames and passwords to gain unauthorized access to a targeted source by the trial-and-error method. Attackers launch brute-forcing both manually and by using automated tools that leverage a list of password combinations to crack the users’ passwords.

How to Avoid Brute-force Attacks

• Use strong passwords/passphrases
• Restrict access to authentication URLs
• Use CAPTCHA feature for authentication
• Enable two-factor authentication (2FA)
• Enable account lockout option, after multiple wrong login attempts

2. Cross-Site Scripting (XSS)

Cross-Site Scripting or XSS attacks involve injecting malicious code into web applications to target the visitors of a particular website. The attackers mostly deploy malicious scripts or code, written in JavaScript, Flash, and HTML, in the website’s content or comment section. In XSS attacks, threat actors aim to steal users’ browser cookies and pilfer sensitive information such as login credentials, financial details, and other private information.

How to prevent XXS attacks

• Avoid accepting third-party cookies
• Be wary of user comments on websites
• Never click/open suspicious URLs

3. Phishing Attacks

A phishing attack is a common cyberthreat in which hackers target a particular user or group of users with malicious URLs and attachments sent via phishing emails. Once a user clicks/opens the malicious URL or attachment in a phishing email, it’ll redirect the user to a fake login page tricking the user into entering login credentials.

At times, attackers also send dangerous malware like Adware, Spyware, Banking Trojans, Ransomware, and cryptocurrency miners which cause a severe impact to users and organizations. Five Phishing Baits to Know

How to prevent being phished

• Never open/click on suspicious emails
• Use anti-phishing software to filter phishing emails

4. DDoS Attacks

In Distributed Denial of Service (DDoS) attacks, cybercriminals try to make a targeted system or service unavailable to its users by flooding it with unwanted incoming messages and traffic from different sources.

Attackers mostly launch DDoS attacks on network resources like data centers, servers, and websites of a computer system. DDoS attacks cause disruption of services or even crash of the services.

DDoS Countermeasures

• Use DDoS-prevention services
• Enable Content Delivery Network (CDN) solutions

Wrap-up

To prevent various attack vectors cybercriminals leverage, we need to first identify an enterprise’s security loopholes and vulnerabilities. Companies need to device a management solution for BYODs, especially in these testing times of remote working. With complete awareness of different attack vectors and proper security measures in place such as having a spam firewall or web filter, one can stay ahead of cybercriminals and their social engineering techniques.

About the Author

Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.

The post 4 Common Attack Vectors You Need to Know appeared first on CISO MAG | Cyber Security Magazine.

The Findings

Researchers from the Acronis Cyber Protection Operations Centers (CPOCs) found a glaring fact that 80% of companies do not have an established password policy. Additionally, their analysis also uncovered that 15-20% of the passwords used in a business environment include the name of the company itself, making it easier to crack.

Two recent high-profile breaches illustrate this problem. Before its Orion IT Management software’s compromise, SolarWinds was warned that one of its update servers had a publicly known password of “solarwinds123,” while former President Donald Trump’s Twitter account was hacked because the password was alleged “maga2020!”.

Of the organizations that do have a password policy in place, the researchers found that many rely on default passwords, and up to 50% of those are categorized as weak. With the ongoing COVID-19 pandemic and employees are working remotely, attackers are targeting these weak password practices.

Related News:

CISO MAG Market Trends Report on Data Security – 2020

Concurrently, researchers also observed a dramatic increase in the number of brute force attacks during 2020, and found that password stuffing was the second most used cyberattack last year, just behind phishing.

Candid Wüest, VP of Cyber Protection Research at Acronis, explained, “The sudden rush to remote work during the pandemic accelerated the adoption of cloud-based solutions. In making that transition, however, many companies did not keep their cybersecurity and data protection requirements properly in focus. Now, those companies are realizing that ensuring data privacy is a crucial part of a holistic cyber protection strategy – one that incorporates cybersecurity and data protection – and they need to enact stronger safeguards for remote workers.”

Financial and Reputational Risks

While the businesses are realizing the need to ensure the privacy of their own and their customers’ data, a lag in awareness among digital users remains. A recent report stated that 48% of employees admit they are less likely to follow safe data practices when working from home.

Experts believe that poor password hygiene and lax cybersecurity habits of remote workers could lead data exfiltration to soar in 2021. Threat actors will primarily be interested in accessing and stealing valuable company data. The trend is like the one seen among ransomware attackers, who are stealing proprietary or embarrassing data and then threatening to publish it if the victim does not pay. Last year, Acronis identified more than 1,000 companies around the world that experienced a data leak following a ransomware attack.

Implementing Stricter Authentication

To avoid costly downtime, significant reputational damage in the marketplace, and steep regulatory fines caused by a data breach, organizations must strengthen the authentication requirements needed to access company data.

Acronis and other cybersecurity experts recommend the following practices for better security:

• Multi-factor authentication (MFA), which requires users to complete two or more verification methods to access a company network, system, or VPN, should be the standard for all organizations. By combining passwords with an additional verification method, such as a fingerprint scan or randomized PIN from a mobile app, the organization is still protected if an attacker guesses or breaks a user’s password.
• A Zero Trust model must be adopted to ensure data security and privacy. All users, whether they are working remotely or operating inside the corporate network, must be required to authenticate themselves, prove their authorization, and continuously validate their security to access and use company data and systems.
• User and entity behavior analytics, or UEBA, helps automate an organization’s protection. By monitoring the normal activity of users with AI and statistical analysis, the system can recognize behavior that deviates from normal patterns – particularly those that indicate a breach has occurred and data theft is underway.

On Data Privacy Day 2021, Acronis has released the Acronis Cyberthreats Report. Refer to the report for detailed information on other threats and trends to look out for in 2021.

Related News:

Federated Learning Can Solve Security and Data Privacy Challenges: Intel Labs

The post On Data Privacy Day, Acronis Forecasts Critical Privacy Risks for 2021 appeared first on CISO MAG | Cyber Security Magazine.

Brute Force and Pass-the-Cookie Attacks

CISA claimed that attackers leveraged a variety of tactics and techniques, including phishing, brute force login attempts, and pass-the-cookie attacks to exploit loopholes in an organization’s cloud security practices.

In Pass-the-Cookie attack technique, the attacker compromises the cookies to gain unrestricted access to the victim’s resources. Even multi-factor authentication can be bypassed using this technique.

“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks,” CISA said.

CISA’s Observations

• In several engagements, CISA observed threat actors collecting sensitive information by taking advantage of email forwarding rules, which users had set up to forward work emails to their personal email accounts.
• CISA determined that the malicious actors modified an existing email rule on a user’s account—originally set by the user to forward emails sent from a certain sender to a personal account—to redirect the emails to an account controlled by the actors. The adversaries updated the rule to forward all email to their accounts.
• Attackers also modified existing rules to search users’ email messages (subject and body) for several finance-related keywords (which contained spelling mistakes) and forward the emails to their accounts.
• In addition to modifying existing user email rules, they created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users’ Really Simple Syndication (RSS) Feeds or RSS Subscriptions folder in a bid to prevent legitimate users from seeing the warnings.

How to Mitigate?

CISA also recommended certain security steps for organizations to strengthen their cloud security practices. These include:

• Implement conditional access (CA) policies based upon your organization’s needs.
• Establish a baseline for normal network activity within your environment.
• Routinely review both Active Directory sign-in logs and unified audit logs for anomalous activity.
• Have a mitigation plan or procedures in place; understand when, how, and why to reset passwords and to revoke session tokens.
• Verify that all cloud-based virtual machine instances with a public IP do not have open Remote Desktop Protocol (RDP) ports. Place any system with an open RDP port behind a firewall and require users to use a VPN to access it through the firewall.
• Focus on awareness and training. Make employees aware of the threats—such as phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
• Establish blame-free employee reporting and ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.

The post Strengthen Your Cloud! CISA Warns Organizations Amid Rising Attacks appeared first on CISO MAG | Cyber Security Magazine.

Lt. Commander (Ret.) Israel Navy, Gutman has filled several operational, technical, and business positions at defense, HLS, Intelligence, and cybersecurity companies, and provided consulting services for numerous others. He joined SentinelOne 8 months ago to oversee local marketing activities in Israel and contribute to the global content marketing team. Gutman founded and managed the Cybersecurity Marketing Professionals Community, which includes over 300 marketing professionals from more than 170 cyber companies.

In a Zoom call with Brian Pereira, Principal Editor, CISO MAG, Gutman tells us about his journey from the Israeli Navy to Homeland Security and then to a cybersecurity startup ecosystem in Israel, finally becoming the Marketing Director at SentinelOne. He also discusses how SentinelOne grew from a startup to a global organization in less than a decade.

Edited excerpts from the interview follow:

You served the Israeli Navy but how did you get into cybersecurity? What are your core interests in this field?

My route into cybersecurity was a peculiar one. Like most Israelis, I served in the armed forces, specifically in the Israeli Navy, where I was an officer for six and a half years, starting with serving on missile ships.  Later, I served as an instructor at the naval academy. On completion of service, I started working with Israeli defense companies, which worked extensively with India. After that, I moved to Homeland Security, and you will recall the terrorist attacks in Mumbai, around 2008. Israeli companies work with governments and organizations all over the world to improve their internal security, smart cities, and border security. Four years later, I saw that form of terrorism is starting to decline and that there is an emerging field called cybersecurity.

In 2010, there was a cyberattack on Iran’s nuclear facility (Stuxnet), and that incident highlighted the need to secure not just the IT infrastructure and the data that resides within but also the physical infrastructure.

Pursuing the current opportunities, I have worked with Israeli startups–there are 350 cybersecurity startups in Israel that are divided into roughly 150 cybersecurity product categories, collectively. My niche within that was to take my previous experience, product skills, pre-sale skills, marketing skills, and help those companies with their product offerings. And for the past six years, I moved between companies until I found my current position.

During this time, I met hundreds of local marketers and professionals and there was much sharing in communities, and we also established a community of like-minded professionals to share information about cybersecurity and marketing. Currently, this community has 350 members from all the major cybersecurity companies in Israel.

Can you tell us the story of SentinelOne and how it scaled up so quickly? How did you land up at SentinelOne? What are you involved in these days?

SentinelOne was established more than seven years ago and it was just like any other startup. People (in the company) knew one another from the military service and they came up with an idea to improve endpoint security. SentinelOne grew very rapidly and most of the company is now located overseas. The HQ is in the U.S. and they now have a large presence in the EU. We just established the first Asia Pacific HQ in Singapore. So, it has grown very quickly, and we now have 500 employees and many customers.

I got into it through one of the people in the community, who is also an ex-Israeli Navy. He suggested that I help them boost their marketing efforts on the local front. SentinelOne has been investing in brand awareness and brand recognition globally, especially in the North American market. And in the local market, it never got sufficient attention. But when it got to a point where we needed to recruit about 100 people each year, the lack of public awareness became a challenge.

I joined about a year ago. I began as a consultant and then I saw it as a good fit, and later joined full time, last January.

On the local front, I am helping with recruitment marketing, and we look for the top talent in cybersecurity and technology, in general. I’m also part of the global marketing team made up of content marketers, product marketers, people who are tech-savvy — and we create content that generates leads. We publish that content in many channels.

As an outsider, I was impressed with SentinelOne as it achieved something very few companies in the world, especially here in Israel, are able to do on that scale. Last year we did a business of $100 mn globally and this year we hope to increase that.

Even the pandemic has not made a dent in our sales. So, I am envisioning great things for this company.

How did you help customers when the pandemic was announced in March?

When this happened, we were among the first to inform customers about the risks of working from home. We conducted a webinar in early March to inform them. We also reached out to our existing customers and offered to extend the number of licenses. Since they were sending workers home, they would be looking to buy new licenses. That’s not something they were expecting. That’s not something that was budgeted. We offered that to them for a period of 90 days and this was also available to new customers.

We then started monitoring the threat intelligence landscape, and we have a blog with COVID-related threats. We advise people about IOCs (Indicators of Compromise) and compromised IP addresses.  We also beefed up our support and conduct surveys to measure their level of satisfaction.

How has the SentinelOne product evolved to help remote workers in a decentralized environment? Can it stop ransomware?

The product was initially built as an on-prem solution. We observe that people who work from remote locations connect and then they disconnect and go to a coffee shop and continue working. So, our product can work even in a non-connected environment when you are not connected to the cloud, or where there is no Wi-Fi connection. Our product will still secure you in a robust manner.

We invest in the autonomy of the product. We also invest in the ability to perform a roll-back, specifically for ransomware attacks. Sometimes our systems are able to stop these attacks. So, this is behavioral-based. If it is not a known threat, we will pick it up, but sometimes we could be late by a few seconds. That’s why we make sure that the product allows one to roll back and decrypt some of the files. We were also able to detect new forms of ransomware, create a decryptor, and publish it online for anyone to access.

To counter this, we identify a new device on the network and fingerprint it, and we compare it to other devices in the network. Let’s say it is a security camera. If it starts behaving differently from other cameras, we can then block it through the firewall and prevent it from accessing the external world. So, we can restrict its behavior in a cyberattack.

This is an ongoing battle. We have to keep learning what the attackers are doing and keep training our algorithm to respond to the threat.

Read a longer version of this interview in the October 2020 issue of CISO MAG. Subscribe here.

The post “Attackers are looking to break into your organization either by a broken VPN or RDP protocols” appeared first on CISO MAG | Cyber Security Magazine.