Category Archives: Executive Perspectives

McAfee Surveys Cyber-Threats in the Age of Coronavirus

Change is a constant in technology, and the greatest changes are often driven by major events that fundamentally reshape how people work and conduct business. In the Age of Coronavirus, more than ever, technology and cybersecurity must keep pace with disruption and change, adapt to adversity, and even accelerate their development wherever possible.

The enormous increase in remote work over the last couple of months has placed new pressure on organizations to ensure that employees working from home can access corporate resources from outside corporate-controlled offices and infrastructure. Simultaneously, cybercriminals are seeking to gain from the strain this places on technologies, business procedures, and processes. A critical and effective vector for these adversaries exploiting the health and economic concerns created by the pandemic.

This week, McAfee Labs released a report entitled COVID-19: Malware Makes Hay During a Pandemic to highlight the last few months of pandemic-themed threat landscape activity. The threats typically leverage a phishing email delivery method, with Coronavirus themes and messages developed to lure employees and family members into engaging with and enabling threats to gain a foothold on their systems.

Once established, that foothold can allow cyber adversaries to download malware used to steal corporate usernames and passwords, data, monitor employee user activity, capture user keystrokes, track network traffic and browser activity, and infiltrate networks and cloud services beyond the home. They can impersonate their victim to send emails from the infected machines to propagate themselves on numerous other systems. In the case of ransomware, they could encrypt system files and refuse to decrypt them until the victim sends them a ransom payment.

Below is a summary of some of the cyber threats McAfee has observed since the COVID pandemic has emerged:

Phishing and Trojans: In January, McAfee observed the emergence of a phishing campaign using a strain of the Ursnif banking Trojan commonly used to steal usernames, passwords and user behavior information. As bait, the phishing emails used pandemic-themed messaging and a Microsoft Office document with “COVID-19” in its filename to lure users into opening the attachment and releasing the malware onto their computers.

Beginning in February, McAfee observed another campaign leveraging phishing emails referencing the terms “COVID-19” and “Coronavirus” to entice users to click on links or attachments that then downloaded the information-stealing Fareit Trojan onto their computers.

Example Fareit Emails:

 

 

Bogus SBA Loan Emails: Beginning in late March, a phishing campaign used emails claiming to originate from the U.S. Government Small Business Administration (SBA). These emails appeared to offer small businesses information and guidance on how to apply for SBA loans. In fact, they were a mechanism for infecting unsuspecting small business owners with the information-stealing Remcos Remote Access Tool (RAT).

Scam COVID-19 Tests: In March, cybercriminals distributed phishing emails appearing to originate from organizations offering COVID-19 testing. Users were prompted to open an attached document, which would then download the information stealing Trickbot malware.

Scam Antibody Research & Treatment: By late March, McAfee began to see COVID-19-themed phishing campaigns using a strain of the Emotet Trojan to infect users’ systems. One version of this email promises to provide information on Coronavirus antibody research and new treatments for the disease. Once established on the victim’s system, Emotet can do a number of things on the system but it is almost always programmed to propagate itself by sending large numbers of spam emails to other user’s systems.

Precautionary Measures: April saw the emergence of phishing email campaigns using subject lines such as “COVID-19 Urgent Precaution Measures” to distribute the NanoCore Remote Access Tool (RAT) for exfiltration of valuable information.

Fake John Hopkins Infection Map: April also saw cybercriminals use phishing emails to promote a fake website featuring a global Coronavirus infection map appearing to provide data from John Hopkins CSSE. Unfortunately, those same emails were used to infect inquisitive users with a strain of information stealing Azorult malware.

Bogus Insurance Invoices: Mid-April also saw cybercriminals use COVID-19-themed emails from a bogus insurance company to infect users’ systems with fake invoice attachments carrying the Hancitor malware.

COVID-19 Ransomware.: March saw the emergence of Ransomware-GVZ, a Coronavirus-themed ransomware campaign. Ransomware-GVZ displays a “ransom note” message demanding payment in return for decrypting their systems and the precious personal and corporate data they contain.

By mid-April, another ransomware campaign joined the fray, this time using a strain of Netwalker ransomware to infect users via a malicious file named “CORONAVIRUS_COVID-19.vbs”.

Spam & Scam: Finally, beyond malware, McAfee has detected thousands of COVID-19-themed spam emails and websites scamming victims seeking to purchase medical supplies such as testing kits, face masks, and other protective gear. Over the first 13 weeks of the pandemic, McAfee saw the number of bogus websites increase from 1,600 a few weeks ago to over 39,000.

Takeaways

Cybercriminals will always seek to create ever more sophisticated and opportunistic attacks.  Remote work paradigms create new opportunities and require new defense mechanisms and practices. This week’s report illustrates the importance of maintaining strong cybersecurity defenses regardless of whether employees are in traditional office or home-office environments. We must formulate the right combination of technology and education to make that happen.

Organizations need to defend against cyber-threats at home with data protection solutions capable of preventing intellectual property and other forms of sensitive data from being stolen. McAfee is focused on helping address these challenges with its Unified Cloud Edge and CASB solutions that are inherently focused on protecting both mobile and traditional devices from threats and data theft.  Additionally, modern endpoint and EDR capabilities are capable of detecting a wide range of threats that place the user and their organization at risk.

The future is uncertain, change and disruption are inevitable, and our adversaries are determined in their drive to exploit us at work, no matter where that may be. We must rise to the challenge of pushing technology forward, adapting, and developing stronger cyber defenses to ensure that the “future of work” is a secure one.

Please see this week’s “COVID-19: Malware Makes Hay During a Pandemic” report for our summary of COVID-19-related McAfee threat research.

The post McAfee Surveys Cyber-Threats in the Age of Coronavirus appeared first on McAfee Blogs.

Zero Trust, SASE-Digital Enablers or Adding Complexity to Cyber Ecosystems

Given the title of this article I suspect you are reading this because you have been in a recent situation where you have been asked the question “What is the difference between Zero Trust and SASE?”. I further suspect that the next question you were asked of course is “Which approach is right for my organization?”.  The reality is they are built upon a similar foundation of least privilege management and both matter in the bigger picture. The real question is how do you apply ZTA and SASE to your organization.

The answer is complex. Yes, this may seem like a classic consultant’s default position on just about any complicated question. In this case, it really does depend on several factors. First let’s look at the basic definitions of ZTA and SASE and their origins.

The term Zero Trust was first originated by the industry analyst Forrester a little over a decade ago. The initial concept focused on segmenting and securing the network across locations and hosting models and promoting the idea of the Zero Trust model — the need to challenge and eliminate the inherent trust assumptions in our security strategies that made us vulnerable to external and internal attacks.

Fast forward to the present, Zero Trust has evolved to a framework and or strategy as described by some industry experts. The current definition further extends the concept for secure network connectivity where the initial security posture has no implicit trust between different entities, regardless of whether they are inside or outside of the enterprise perimeter. Least-privilege access to networked capabilities is dynamically extended only after an assessment of the identity of the entity, the system and the context.

Secure Access Services Edge [“pronounced SASSY”] is a term defined by Gartner in 2019. SASE builds on the ZTA concept however credits digital business transformation and specifically introduces the concept that the future of network security will be in the cloud. The SASE model or framework promotes the concept which inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center. SASE suggests that Security and risk management leaders will need a converged cloud-delivered secure access service edge to address this shift.

The National Institute of Science and Technology (NIST) has also weighed in on its definition of Zero Trust with the release of NIST SP 800-207. NIST goes on to define ZTA is not a single network architecture but a set of guiding principles in network infrastructure design and operation that can be used to improve the security posture of any classification or sensitivity level.

Many organizations already have elements of a ZTA and or SASE in their enterprise infrastructure today. Organizations should seek to prioritize the identification of architecture gaps against its current state and incrementally implement zero trust principles, process changes, and technology solutions that protect its data assets and business functions towards a future desired state outcome with measurable success criteria well defined in advance.

Most enterprise infrastructures will operate in a hybrid Zero Trust-SASE/Legacy mode for the next several years while continuing to invest in ongoing IT modernization initiatives and improving organization business processes. Organizations need to implement effective information security and resiliency practices for zero trust and SASE to be effective. When complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and good cybersecurity best practices, ZTA and SASE can reinforce an organization’s security posture using a managed risk approach and protect against common and advanced threats.

Final thoughts on the path forward. Crawl, walk, run towards ZTA and SASE. Engage your security vendors and have them assist you with ZTA/SASE Workshops to assist with identifying your organizations priorities. Shared experiences with implementing ZTA and SASE are key to successful adoption. When exploring ZTA and SASE, remember you need a comprehensive device to cloud strategy.

The post Zero Trust, SASE-Digital Enablers or Adding Complexity to Cyber Ecosystems appeared first on McAfee Blogs.

COVID-19 & Voting: When Paper is the Safest Election Technology

There are concerns that the COVID-19 pandemic will discourage voters from turning out to vote in person for this year’s U.S. presidential primaries and general election.  State governments are considering alternative voting processes to protect voters and election officials from infection at the polls.

As strange as it may sound coming from a CTO, I advise that they utilize vote-by-paper ballots rather than rush to implement a website or mobile app-based voting system. This has as much to do with the lack of resources and technical expertise of local governments as it does with the lack of confidence voters will have in digital-online voting.

Paper ballots are the most trustworthy voting technology because it is difficult to manipulate them at scale. On the other hand, digital voting through a website or a mobile app brings with it not only the possibility of user error, but also the possibility that a cyber campaign using malware or other techniques could manipulate or change citizens’ votes at scale with greater ease.

Some of the techniques that malware uses today, such as in banking fraud, allows the user to type in their credentials (or their authorization key) and makes it look like the user performed the transaction that they intended. With the user’s credentials or transaction code, the malware could perform a different transaction, such as transferring funds to the attacker’s account.

This same issue is present in a voting application or website.  The voter could cast a vote, it would appear to reflect their intended selections, but the vote actually sent to the backend could go to the other candidate.

Unlike a banking application where the user would eventually see the fraudulent transaction in their account statement, in an election, the only result would be the total vote count, and it would not be obvious that a manipulation had occurred. Even national-ID or smartcard credentials don’t help in this type of attack, given that the attack occurs after the user has authenticated to the back-end system.

Additionally, wherever voting machines are used, there must be a paper record or receipt of votes cast to enable election officials to audit their election vote counts. This also enables the voters to have proof their vote was recorded properly.

Some may argue that malicious actors could attempt a counterfeit paper ballot fraud at scale, but the fact is that many states have already established anti-counterfeit paper ballot design standards to counter such efforts. The best of these practices should be adopted wherever the paper ballot becomes the standard voting mechanism in 2020.

Others may argue that a fully digital voting process will protect election board processors that might otherwise contract coronavirus from tabulating the paper ballot votes. But a recent study cited by CDC asserts that the virus can survive on paper or cardboard for only 24 hours. If the U.S. or other countries decided to go to a pure paper ballot format, election officials could either have voters send their ballots through the United States Postal Service or set up drive-through stations where voters could simply walk or drive by and drop their ballots through a submission slot themselves. Then the processors could augment basic protective measures such as wearing gloves with an extra time delay of 24 hours from receipt to minimize risk of transmission.

Another consideration is that local election officials are challenged in securing the basic information systems for voting, such as the websites with information about election process. McAfee’s recent analysis of U.S. local government election security practices showed that 83.3% of battleground state election websites were not using .gov domains and 46.6% were not using https security.  It’s unreasonable to assume that a high integrity digital voting system can be developed in a few months when even the basic cyber hygiene practices are lacking in existing election systems.

Technology should certainly be used in the automation of scanning and recording the votes of paper ballots, as those systems are well proven and leave election administrators a paper record that allows them to audit and verify that there is no manipulation.

Finally, we must make sure that every voter has the ability to vote. Where appropriate, states and local governments need to relax the criteria for remote voting to allow all eligible voters in the country to vote by mail.

In times of a global pandemic, the trust of the public in its government is more critical than ever. Paper may be a 2,000-year-old technology, but ordinary citizens understand and trust paper.  Voters must have faith that their vote will be counted and honored. Given that there are increasing levels of inherent distrust in political systems, we must use the technology that is a trusted common denominator by the broadest swath of the electorate. Ironically, paper is that technology in 2020.

 

 

 

 

The post COVID-19 & Voting: When Paper is the Safest Election Technology appeared first on McAfee Blogs.

Interoperability Is Key To Cybersecurity – A Conversation at CSIS

Interoperability – a subject that for too long cybersecurity companies have treated as an inconvenient nuisance – is finally getting the attention it deserves. In February, I had the opportunity to discuss the critical nature of interoperability with true security experts in the public and private sectors. We agreed that to solve the world’s biggest security problems, collaboration in the cybersecurity industry should become the new norm.

McAfee has long promoted interoperability in our products and through our corporate tagline “Together Is Power.” It was encouraging to hear the perspective of NIST’s Donna Dodson, Cyber Threat Alliance’s CEO Michael Daniel and CSIS’s Jim Lewis, all of whom agreed that designing tools that interoperate with each other is integral to successful cybersecurity and will improve security outcomes for organizations and governments.

Here are some highlights of our discussion:

  • For too long, vendors touted their proprietary “secret sauce” to compete on who had the best (yet incomplete) data set. They’d be better off taking advantage of initiatives like the Cyber Threat Alliance’s information-sharing program, allowing them to shift their focus from improving data sets, to the power of their analytics and the tools they develop for understanding the data. Competing at this level and not on the level of proprietary data sets will help the industry with better insights that ever before, providing a more complete picture of the threat landscape.

 

  • The federal government has added new cyber tools to its arsenal in recent years, but many of them can’t talk to each other. As NIST’s Donna Dodson noted, enabling these tools to work together has significant security and operational benefits. In short, interoperability has real-world business advantages, not just technical ones. Giving businesses and organizations, including the federal government, a full suite of interoperable solutions and tools will have benefits that extend beyond just security.

 

  • Major efforts are underway to make widespread interoperability a reality. From the standards work of various standards development organizations such as OASIS, IETF and others, as well as industry groups such as the Open Cybersecurity Alliance, dedicated to advancing integrated interoperability, organizations are collaborating to help develop standards, open source common communications and data federation capabilities, tools and policies.

Interoperability is critical and vital on multiple levels, as cyber threats continue to challenge organizations across the globe.  We must be able to share standardized threat data. We must be able to integrate our cyber defense tools in a much simpler fashion than is possible today. Organizations need to be able to purchase best-of-breed defensive solutions and integrate them quickly and easily.  We cannot continue to put the cumbersome burden of product and data integration on each organization that buys cybersecurity products.

Cybersecurity vendors should not be competing on plumbing. We must find ways to up-level competition between vendors while focusing on defending against the adversary we all face daily. We need to focus on improving security in order to, for example, help hospitals better understand the threat landscape to prevent life-threatening attacks and help the Department of Defense better identify national security threats. Interoperability makes these things possible, and we must continue to have important conversations like these to make interoperability a reality.

To watch our full discussion, click here.

 

 

The post Interoperability Is Key To Cybersecurity – A Conversation at CSIS appeared first on McAfee Blogs.

Cybersecurity through openness: creating the right company culture

Interoperability and openness are concepts that have a tendency to turn technical quickly. But for McAfee, it goes beyond software. To stay cybersecure, organisations need to build in openness in their company structures, ensuring that different departments, from engineering, to legal, HR and business development teams all work together to protect the company and its assets.

At McAfee, we’ve embedded openness and interoperability both in how we develop our software and in the way the company works because it’s good for business. Increasingly we see that in a maturing cybersecurity protection market, companies need to break out of some of the silos they have built into their organisations, or risk exposing vulnerabilities to the ever-growing threat of cybercrime.

Business culture issues crop up too regularly to be ignored. Whether it’s a privacy officer locking down data that could prove critical to ensure a company’s cybersecurity, security officers failing to explain to other business units how to use a new piece of technology or software in a safe way, or business development executives cutting corners on security to drive down cost these all can leave an organisation exposed to malicious actors. Just as different pieces of software need to work alongside each other, different parts of the business need to work in lockstep to keep cybercriminals out.

Of course, the technical challenge remains. A recent paper from the Center for Strategic and International Studies (CSIS), a top-tier think-tank based in Washington D.C., put the challenge succinctly: “Instead of spending their time responding to threats,” the paper says, “cyber professionals are occupied with managing a complex web of products and services that was supposed to make their jobs easier.”

The proliferation of tools is never going to be solved entirely, but a common set of standards, protocols, taxonomies and foundational open-source software can help ensure that threat intelligence is classified in a common way, anomalies are communicated effectively, and responses are efficient and automatable.

Kent Landfield, our chief standards and technology policy strategist, explained how McAfee approaches interoperability at an event hosted by CSIS in February: “We’re not fighting over the plumbing, or the data communications, but over the real value of the product and what it is bringing to the market.”

In short, Cybersecurity vendors should compete on providing the best solutions, such as threat protection services, to their customers, not on who has the best messaging system or the least-incomplete set of threat-intelligence data.

Work is already being done to solve this issue, through the Open Cybersecurity Alliance, comprising some of the leading interoperability-friendly cybersecurity companies in the market, and information and security executives in companies can help in this effort by building in openness and interoperability into their buying decisions.

Technical and commercial interoperability among vendors is only one part of the solution. Companies need to also look into their own organisation and structure to make sure their security culture allows these tools to be as efficient in tackling cyber threats as possible.

The post Cybersecurity through openness: creating the right company culture appeared first on McAfee Blogs.

How McAfee is Hiring Top Talent During a Pandemic

As the world continues to address a rapidly evolving situation with the COVID-19 pandemic, it’s important more than ever for all of us to do our part to protect our families and communities.  

At McAfee, we play an important role in keeping the world safe from cyberthreats, and our mission to protect all that matters becomes heightened in times of uncertainty such as this. The well-being of our team members, their families and the communities in which we live, remains our top priority. With this in mind, we have and will continue to put stringent safety and precautionary measures in place across all sites globally. Simultaneously, we also know that our customers and partners depend on us to keep them safe too. Our adversaries in the world of cybersecurity aren’t slowing down; and neither will we.

Fortunately, we live in the age of technology where people can stay connected no matter our physical location. McAfee is still fervently hiring at this time and new team members continue to be onboarded. We continue to lean on tools such as virtual interviewing to attract top, diverse talent across the world. With that, I want to share how McAfee is recruiting when virtual interviewing is essential, along with three of my top tips to help candidates prepare for virtual interviews. 
 

1. Hone Your Virtual Interview Skills 

Like an in-person interview, preparation is key for virtual interviews to allow your full, authentic self to shine through. Eye contact, body language and listening is very important when you’re engaging in-person with someone, and as a candidate, you want to have that same connection during a virtual interview. So be sure to make eye contact, nod and leverage visual cues just as you would as if you were in-person.And of course much of the same rules apply for a virtual interview: always do your research beforehand, dress professionally, and be prepared to provide insightful takeaways and highlights that demonstrate you’re the best person for the role.

2. Set Up Ahead of Time

You also want to ensure your technology is ready—check your internet connection, computer audio, webcam and place your cell phone in silent mode. Close down any internet tabs or items that may be distraction – or worse, where an advert or background application may start playing. Make sure you’ve positioned the camera appropriately, your have a clear desk space, the room is well lit and that your background is neutral. It’s also worth having a digital copy of your resume or your portfolio to hand which you can easily email or share through the designated virtual technology you’re using. 

3. Prepare for the Unexpected 

With technology, there’s always a chance for something to go wrong. Before the interview, take time to exchange information with your recruiter in the event of technical difficulties and interruptions. Despite preparing, sometimes instances are out of our control—e.g. pets or children entering the room while you’re interviewing. We are all human beings with lives outside of work that shape who we are. In the event of a disruption, just ask for a few moments, step away and come back when the room is free of interruption again.  

As you seek career opportunities I hope these tips serve as helpful recommendations and ways to successfully land that ultimate dream job. McAfee is committed to providing the best possible candidate and onboarding experience during this unprecedented time and we look forward to e-meeting you where needed!

And if you’re looking to grow your career with a company that values diversity, and/or you’re simply interested to understand more about careers at McAfee, check out the McAfee careers site and available opportunities. 

The post How McAfee is Hiring Top Talent During a Pandemic appeared first on McAfee Blogs.