TCT is committed to helping you keep your organization secure and compliant. Every quarter, we publish compliance and security insights that you can share with your employees to fulfill periodic security reminder requirements your organization may be subject to.
As an added bonus, we’ve highlighted some developing security trends and featured a quick tip to get more out of your compliance management.
Vulnerability Scanning or Penetration Testing?
People often assume that running a vulnerability scan checks the box for penetration testing and satisfies their security testing requirements. It doesn’t. Vulnerability scanning isn’t penetration testing. They are different tests with different purposes, and you need both to maintain a strong security posture and to achieve compliance.
Vulnerability scanning uses pattern-based recognition to find matches that indicate problems. The software that runs the scan then reports each of the matches, and it’s up to you to resolve the issues.
Vulnerability scanning typically handles the low-hanging fruit: issues that are easy to find, usually at the host and network layers. It detects missing patches, outdated operating systems, misconfigured settings on the machine, insecure transmission protocols, and other related kinds of issues.
Vulnerability scanning is a good and efficient tool for catching that low-hanging fruit, but it can’t cover everything. A scanner only finds what it has a signature for; it won’t find flaws in your business logic, chained weaknesses, or anything that requires a human to reason about how your systems fit together. If your organization comes back clean on a vulnerability scan, that doesn’t mean you aren’t susceptible to cyber attacks.
Penetration testing is in an entirely different league than vulnerability scanning. It’s much more holistic, and is performed by experienced security engineers. A vulnerability scan is one of several different tools that would be involved in a penetration testing engagement, let alone all of the manual testing and validation involved.
With pen testing, you aren’t doing it yourself, like you might with a vulnerability scan. This gives you the opportunity to get real answers from professionals with deep expertise and experience. More interchange happens on a pen test engagement, including the remediation and validation that’s often required for compliance.
That said, be wary when seeking penetration testing. Vendor offerings can range from little more than a vulnerability scan to dropping ninjas from the ceiling tiles, running around with wireless scanning sensors! Best bet is to select someone whose price falls into the reasonable middleground to take best advantage of testing quality without breaking the bank. TCT can provide guidance if you need it.
Whomever you select for performing your penetration testing, keep in mind that security and compliance standards are getting stricter about the approach for penetration testing. It’s on you to make sure your vendor is performing testing in accordance with the requirements of your security certifications and standards.
The bottom line? You need vulnerability scanning, but don’t count on it to uncover all of your security issues. Instead, fold it into a holistic penetration test delivered by an expert who can help you identify and resolve the weak spots it uncovers, and who validates that your fixes actually closed them.
Quick Tip: Link Multiple Certifications and Eliminate Duplicate Work
If you’re going up against more than one certification, you usually have a lot of duplicate work to do. Much of your evidence is used by multiple frameworks, which means you’re uploading the same files multiple times, while attempting to figure out what maps where. Not only is that tedious, but it’s a waste of time and effort.
TCT Portal’s live linking handles the duplicate work for you. Live linking ties multiple certifications together and automatically populates the evidence in all of the appropriate certifications when you upload it once.
For example, you might tie your HIPAA and PCI frameworks together in TCT Portal. When you upload evidence into PCI, that evidence automatically populates into the corresponding controls within HIPAA as well.
Whether it’s explanations or attachments, TCT Portal can populate anything you upload across all of your connected certifications in an instant, and in real time.
Live linking works with any certifications you’re using. Best yet, it’s a standard feature in TCT Portal. If you’re using the Portal, you can get started with live linking today!
What’s Going on in Security Today
Russian state-backed hackers successfully bypassed multi-factor authentication at a private organization. They compromised an account with a weak password, enrolled their own device in MFA for that account, logged in as that user, and escalated to domain administrator access. They then disabled MFA for the entire organization.
The account that was initially leveraged had been left active in the target organization instead of being disabled. This is a stark reminder that every user account that is no longer needed must be disabled immediately, and that an account nobody has used in months should not be able to enroll a new MFA device without someone noticing. The same goes for home networks, for that matter.
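The two controls that would have caught the account above are a periodic audit for accounts that are still enabled but have gone idle, and a review of MFA device enrollments on accounts that were idle right up until the enrollment. The following is an added example written for this newsletter, not TCT’s own tooling or the tooling used in the incident; the record layout, the 90-day idle threshold and the 24-hour grace window are assumptions, and the login and enrollment records are constructed sample data rather than real logs.

```python
"""Flag dormant-but-enabled accounts and MFA enrollments on dormant accounts.

Added example, not part of the original newsletter. Record formats,
thresholds and the sample data below are assumptions/constructed.
"""
from datetime import datetime, timedelta

# Constructed sample data: which accounts exist and whether they are enabled.
ACCOUNTS = {"alice": True, "bob": True, "carol": False, "svc-bkp": True}

# Constructed successful-login records: (username, ISO-8601 timestamp).
LOGIN_EVENTS = [
    ("alice",   "2022-03-01T08:10:00"),
    ("alice",   "2022-03-10T08:05:00"),
    ("bob",     "2021-06-02T17:40:00"),
    ("bob",     "2022-03-12T02:05:00"),  # attacker logs in with the weak password
    ("svc-bkp", "2021-11-30T23:00:00"),
]

# Constructed MFA device-enrollment records: (username, ISO-8601 timestamp).
MFA_ENROLLMENTS = [
    ("alice", "2022-03-11T09:00:00"),
    ("bob",   "2022-03-12T02:13:00"),    # attacker enrolls their own device
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def dormant_enabled_accounts(accounts, logins, as_of, max_idle_days=90):
    """Usernames that are enabled as of `as_of` but have no successful login
    in the last `max_idle_days` days (or no login at all). Logins after
    `as_of` are ignored so the audit can be replayed for an earlier date."""
    as_of_dt = _parse(as_of)
    cutoff = as_of_dt - timedelta(days=max_idle_days)
    last_seen = {}
    for user, ts in logins:
        t = _parse(ts)
        if t <= as_of_dt and (user not in last_seen or t > last_seen[user]):
            last_seen[user] = t
    return sorted(
        user for user, enabled in accounts.items()
        if enabled and (user not in last_seen or last_seen[user] < cutoff)
    )


def suspicious_mfa_enrollments(logins, enrollments, max_idle_days=90, grace_hours=24):
    """Enrollments on accounts that had no login in the `max_idle_days` window
    before the enrollment, ignoring the last `grace_hours` so the attacker's
    own login immediately before enrolling does not make the account look
    active. A returning employee can trip this too, so treat it as a triage
    signal to verify with the user, not as proof of compromise."""
    flagged = []
    for user, ts in enrollments:
        t = _parse(ts)
        window_start = t - timedelta(days=max_idle_days)
        window_end = t - timedelta(hours=grace_hours)
        had_recent_login = any(
            u == user and window_start <= _parse(lts) <= window_end
            for u, lts in logins
        )
        if not had_recent_login:
            flagged.append(user)
    return flagged


if __name__ == "__main__":
    # Audit run the day before the attack: bob and the backup service account
    # are enabled but idle, and should have been disabled.
    print("dormant:", dormant_enabled_accounts(ACCOUNTS, LOGIN_EVENTS, "2022-03-11"))
    # After the attacker's login, bob no longer looks idle, which is why the
    # enrollment check matters as a second signal.
    print("dormant:", dormant_enabled_accounts(ACCOUNTS, LOGIN_EVENTS, "2022-03-15"))
    print("suspicious enrollments:", suspicious_mfa_enrollments(LOGIN_EVENTS, MFA_ENROLLMENTS))
```

Run the dormant-account audit on a schedule and disable (or at least remove MFA self-enrollment for) anything it returns; run the enrollment check against your identity provider’s MFA event log, since once an attacker has logged in, the account’s “last login” field alone will no longer look stale.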
A new ransomware family called “LokiLocker” has been identified. It is offered as Ransomware as a Service (RaaS), and it uses AES encryption to encrypt the victim’s files. Disguising itself as a Windows Update, it can also overwrite the Master Boot Record (MBR) and wipe the infected machine, so a victim who doesn’t pay may lose the system as well as the data. There is evidence that it was initially developed and distributed by Iranian developers.
If you’re the victim of a ransomware attack, you may think it’s your best bet to just pay the requested ransom. There are several reasons why that’s a bad idea, and why you should invest in defensive measures instead.
Only 51% of ransomware victims who pay the ransom reported the payment actually leading to file recovery. Paying the ransom also encourages more attacks for more payouts from that specific attacker, and the payments and funds allow attackers to wage more sophisticated attacks in the future.
A new report from Check Point Research indicates that over 2,100 mobile apps using Firebase cloud-hosted databases have leaked or exposed customer data, allowing attackers to obtain information about the apps’ users.
That is roughly 5% of the Firebase databases examined, which adds up to thousands of new applications every month that could have their database contents leaked, or that leave an opening for someone to do so.
A new rootkit has been discovered that specifically targets Oracle Solaris servers used in ATM switching networks. The rootkit, called CAKETAP, works by intercepting card and PIN verification messages, which lets the attackers make unauthorized cash withdrawals at ATMs using fraudulent cards carrying stolen card data. The attacks have taken place over a period of several years.