this month in cyber security - peters & associates … · 11-11-2019 · classified as...

Classified as Confidential

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

© 2019 Peters & Associates, Inc. All rights reserved.

This Month in Cyber Security

November 2019

Bruce Ward, Vice President

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsNIST’s CyberSecurity Framework (CSF)


In the news…

1.Phishing2.Patching3.Ransomware4.Solution Reviews


IT SecuritySolutions

Topic Stories

Phishing • Cybercriminals use Analytics and AI to improve phishing campaigns• Speed up Time to Detect / Respond to a Compromised User

Patching • BlueKeep is an old vulnerability but becoming increasingly dangerousand exploits Windows OS moving past End of Support dates soon

• Windows 7 to 10 migration projects not finished before Jan? Options?• Windows 2003 – No support, no security?• November Patch Tuesday – Overview from Krebs

Ransomware • Ginsu Knives and paralleling that with Ransomware as a Service (RaaS)!• Purelocker is going after servers – Windows, Linux, and more• Web hosting provider ASP.NET hit with ransomware

Solution Reviews (to protect AD)

Protect Active Directory:• Azure ATP• Azure Password Protection• Azure MFA

https://www.techrepublic.com/article/cybercriminals-using-google-analytics-to-enhance-phishing-efforts/?ftag=TREa988f1c&bhid=27392104260534351177550026850509

https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Speed-up-time-to-detect-and-respond-to-user-compromise-and-limit/ba-p/977053?_lrsc=b9c3932f-3176-41e4-92bb-04eaae02d788

https://www.zdnet.com/article/microsoft-warns-users-to-stay-alert-for-more-bluekeep-attacks/

https://arstechnica.com/information-technology/2019/11/solved-why-in-the-wild-bluekeep-exploits-are-causing-patched-machines-to-crash/

https://www.ivanti.com/blog/study-professionals-users-windows-10?mkt_tok=eyJpIjoiTm1SbE1qTTRNV05tTVdKaCIsInQiOiJYcFhZNHRRYStBMjFsSW1MVjJicjU3SEh1VHlyTDg5REZIOGhNcUJyWTFrSXNtOUJwSTFhUjFsclVsME8wSGJxQk4rT3drQ1wvbzJoZlorQlZySjlZY2JKcDZkSnAzTWhqVitvZldSMDdhTVRzanRBUXJPdnlucENySUxpSmtpVGgifQ%3D%3D

https://www.esecurityplanet.com/network-security/windows-server-2003-no-support-no-security.html

https://krebsonsecurity.com/2019/11/patch-tuesday-november-2019-edition/

https://www.zdnet.com/article/vegalocker-evolves-into-buran-ransomware-as-a-service/

https://www.zdnet.com/article/this-unusual-new-ransomware-is-going-after-servers/

https://www.zdnet.com/article/major-asp-net-hosting-provider-infected-by-ransomware/

https://azure.microsoft.com/en-us/features/azure-advanced-threat-protection/

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks


IT SecuritySolutionsIssue: Phishing

“…the best defense against analytics is more analytics."


IT SecuritySolutionsSolution: Phishing

“…the best defense against analytics is more analytics."


IT SecuritySolutionsPatching - Overview


IT SecuritySolutionsPatching - BlueKeep


IT SecuritySolutionsPatching – Windows 7

October 2018:1 Year Ago


IT SecuritySolutionsPatching - Solution

Extended Service Updates (ESU) = Windows 7 patches

Buy Subscribe Move


IT SecuritySolutionsPatching - Solution

Today Windows 10 Pro

Windows 10 Ent (E3)

No ownership $203 $326* (incl 2 years SA)

Own Win7 or 8 $181 $326* (incl 2 years SA)

Subscription N/A $7/mo$11/mo (E5, includes ESU)


IT SecuritySolutionsWindows 10 - Design Questions

UEFI

Disk Encryption

AAD Join / Co-Manage

Windows Defender

Bitlocker / MBAM

ManagementNew

Hardware

Telemetry

Secure / Lockdown


IT SecuritySolutionsWindows 10 – Deployment Options


IT SecuritySolutionsPatching W2K3 – Security by Obscurity?


IT SecuritySolutionsRansomware – SmarterASP.NET


IT SecuritySolutionsRansomware – Customer Story


IT SecuritySolutionsRansomware – PureLocker


IT SecuritySolutionsRansomware – R as a Service (RaaS)

Creators

Deployers

Customers


IT SecuritySolutionsRansomware – Solution Review


IT SecuritySolutionsSolution Review


IT SecuritySolutionsSolution Review

APT = Advanced Persistent Threat

ATP = Advanced Threat Protection


IT SecuritySolutionsAzure ATP

✓ Lateral Movement✓ Account Compromise✓ DNS Enumeration✓ Analogous Behavior✓ Domain Join/Removal✓ Admin anomalies✓ RDP port usage✓ Pass-the-Hash✓ Certificate misuse


IT SecuritySolutionsAzure Password Protection

P@ssw0rd1

Global banned password list

Custom banned password list

Good Passwords!


IT SecuritySolutions+ One Day MFA


IT SecuritySolutions

http://www.peters.com/blog/

Events, Webinars & Blogs

http://www.peters.com/blog/


IT SecuritySolutionsReady to engage?

Free 14-Day

Trial

Free One-Time Phishing

Test

Free One-Time External V-Scan

Free Coffee

Classified as Confidential

1801 S. Meyers Road, Suite 120Oakbrook Terrace, IL 60181

(630) 832-0075

Thank you!


Bruce Ward

[email protected]

mailto:[email protected]

this month in cyber security - peters & associates … · 11-11-2019 · classified as...

Documents