community - All Articles - CISO Platform
2024-03-28T11:08:58Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/community

Community Webinar On Dissecting Verizon DBIR : What caused 3000+ breaches
https://www.cisoplatform.com/profiles/blogs/community-webinar-on-dissecting-verizon-dbir-what-caused-3000-bre
2022-07-12T05:54:32.000Z
pritha (https://www.cisoplatform.com/members/pritha)
<div><p>Hello Members,</p>
<p>There have been some very interesting findings in the Verizon DBIR Report 2022. The community has been asking many questions and is excited. We requested a community session from our partner FireCompass's research division, which you can join for free and ask any questions you have.</p>
<p><strong>We are hosting a session on "Dissecting Verizon DBIR : What caused 3000+ breaches" by J.Chauhan (IIT Kharagpur Alumni; Head Research @FireCompass).</strong> Our speaker analyses the report to help us understand the most common attack vectors and patterns. In this webinar, we will look deep into the Verizon DBIR report and <strong>find out how attackers navigate to your valuable assets and what you can do about it.</strong></p>
<p>The last year has been notorious for cyber crime, from well-publicized critical infrastructure attacks to massive supply chain breaches. The DBIR report analyses data to find patterns and action types used against enterprises. This year the DBIR team analyzed 23,896 security incidents, of which 5,212 were confirmed data breaches. (<a href="https://www.verizon.com/business/resources/reports/dbir/" target="_blank">Reference : Verizon DBIR 2022</a>)</p>
<p> </p>
<p><span style="font-size:12pt;">Key Learnings From Session : </span></p>
<ul>
<li>Learn which are the <strong>top 5 attack vectors that contributed to 80% of the breaches</strong></li>
<li>Learn about the <strong>rise of ransomware</strong> and the top 5 ways it gets its <strong>initial foothold</strong></li>
<li>Learn how <strong>attackers are leveraging web applications in breaches</strong></li>
</ul>
<p> </p>
<p>(This is a free session exclusive to CISO Platform community members.)<br /> As always, we look forward to your feedback and thoughts. Please send us your ideas on how we can make the community a better value add for you and your peers. Email pritha.aash@cisoplatform.com</p>
<p> </p>
<p><span style="font-size:14pt;"><strong>Session Recording (with Q&A)</strong></span></p>
<p><span style="font-size:10pt;"><strong><iframe title="YouTube video player" src="https://www.youtube.com/embed/l-v7fsLC3fc" width="1110" height="520" frameborder="0" allowfullscreen=""></iframe></strong></span></p>
<p> </p>
<p> </p>
<p><span style="font-size:14pt;"><strong>Executive Summary</strong></span></p>
<p><strong>1. Agenda</strong></p>
<ul>
<li>Objective</li>
<li>Taxonomy of attacks</li>
<li>Top 5 attack vectors that contributed to (approx.) 80% of the breaches</li>
<li>Rise of ransomware and a few top ways ransomware gets its initial foothold</li>
<li>How attackers are leveraging Web applications in breaches?</li>
<li>What about human errors?</li>
<li>Recommendations</li>
<li>Q/A</li>
</ul>
<p> </p>
<p><strong>2. What Is The Objective?</strong><br /> The objective is to get insights from the Verizon DBIR 2022 (Breaches) analysis report and orient the security roadmap, if required.</p>
<p>How can statistics help us?<br /> Stats based on breaches can tell us where we should focus.<br /> We believe that continuous security assessment performed the way real attackers operate, especially on top of baseline activities such as VA/PT, will help in preventing potential future security incidents and breaches.</p>
<p> </p>
<p><strong>3. Taxonomy Of Attack In The DBIR Report</strong></p>
<p><a href="{{#staticFileLink}}10776419853,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}10776419853,RESIZE_710x{{/staticFileLink}}" alt="10776419853?profile=RESIZE_710x" width="710" /></a></p>
<p> </p>
<p><strong>4. Explain The Taxonomy Of The Attack In The DBIR Report?</strong></p>
<ul>
<li>The taxonomy consists of multiple concepts such as attack patterns, attack vectors, attack varieties etc.</li>
<li>Attack patterns are the complex form of attacks, such as system intrusion. An example of system intrusion is a multi-stage attack from outside to inside the network.</li>
<li>Attack categories are groups of attack vectors.</li>
<li>An attack vector consists of multiple attack varieties at the individual level.</li>
</ul>
<p> </p>
<p><strong>5. What Are The Top Attack Patterns (Complex Attacks) That Contribute To More Than 80% Of Breaches?</strong></p>
<p>These are the ones:</p>
<ul>
<li>System Intrusion - Multi-stage attacks to gain access to systems via one or more attack vectors to install backdoors and ransomware.</li>
<li>Basic Web App Attacks - such as web vulnerabilities and credential stuffing using stolen credentials.</li>
<li>Social Engineering - Phishing to lure users to submit sensitive information or download and install malicious code.</li>
<li>Misconfiguration - Exposed panels, exposed keys, public cloud buckets etc.</li>
</ul>
<p> </p>
<p><a href="{{#staticFileLink}}10776423282,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}10776423282,RESIZE_710x{{/staticFileLink}}" alt="10776423282?profile=RESIZE_710x" width="710" /></a></p>
<p><a href="{{#staticFileLink}}10776423468,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}10776423468,RESIZE_710x{{/staticFileLink}}" alt="10776423468?profile=RESIZE_710x" width="710" /></a></p>
<p> </p>
<p><a href="{{#staticFileLink}}10776423480,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}10776423480,RESIZE_710x{{/staticFileLink}}" alt="10776423480?profile=RESIZE_710x" width="710" /></a></p>
<p> </p>
<p><strong>6. How Does Ransomware Get Its Initial Foothold?</strong></p>
<p>Ransomware is on the rise and has increased to above 20% of all major breaches. Ransomware generally intrudes and gains access to the network using various attack vectors, as follows:</p>
<ul>
<li>Use stolen credentials
<ul>
<li>Desktop sharing software such as RDP, VPN, AnyConnect etc.</li>
</ul>
</li>
<li>Phishing via email
<ul>
<li>Install ransomware code</li>
</ul>
</li>
<li>Exploit vulnerabilities
<ul>
<li>Web applications</li>
<li>Products and frameworks such as log4j</li>
</ul>
</li>
<li>Errors and misconfigurations
<ul>
<li>Open databases, Kubernetes, Docker instances</li>
</ul>
</li>
</ul>
<p> </p>
<p><strong>7. What Automation Is Being Used By Hackers To Attack Enterprises?</strong></p>
<p>One typical automated sequence, run without any human intervention, is the following:</p>
<ul>
<li>Scan for targets on mass scale</li>
<li>Profile the targets using custom crawlers or fingerprinting techniques</li>
<li>Detect CVEs based on technology, or banner</li>
<li>Attempt exploitation</li>
<li>Attempt persistence</li>
</ul>
<p> </p>
<p><strong>8. What Are The Other Ways To Get Initial Foothold Into An Organization?</strong></p>
<ul>
<li>Misuse Partner Access using stolen credentials or other means such as phishing</li>
<li>Supply chain attack by compromising the DevOps pipeline or system management tools such as SolarWinds etc.</li>
<li>Target desktop sharing software</li>
<li>Use stolen credentials</li>
<li>Exploit a vulnerability</li>
<li>Phishing</li>
<li>Target a Web Application vulnerability</li>
</ul>
<p>Once the initial foothold is attained, a backdoor / C2 agent / ransomware is generally installed to carry out pivoting.</p>
<p><strong>9. How Attackers Are Leveraging Web Applications In Breaches?</strong></p>
<ul>
<li>Web applications are the most exposed assets on the internet.</li>
<li>Attackers use stolen credentials to perform attacks such as credential stuffing or brute force attacks.</li>
<li>Exploiting a vulnerability.</li>
<li>Misconfiguration, such as exposed admin panels etc.</li>
</ul>
<p> </p>
<p><strong>10. What Is The Contribution Of Misconfigurations/Error In Breaches? </strong></p>
<p>The rise of the Misconfiguration error began in 2018 and was largely driven by cloud data store implementations that were stood up without appropriate access controls.<br /> The data tends to be from customers, and it is also the customers who are notifying the breached organizations in a high number of cases. However, security researchers are still the stars of this Discovery show (although their percentage is down from last year).</p>
<p> </p>
<p><strong>11. Suggested Action Items For Prevention And Mitigation</strong></p>
<ul>
<li>Improve Visibility</li>
<li>Continuous Assessment Of Security Posture</li>
</ul>
<p> </p>
<p><strong>Some Detailed Suggestions:</strong></p>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">Continuously Discover Misconfigurations</span>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">Admin Panels, Hidden directories, exposed databases</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Misconfigured DNS, Email servers etc.</span></li>
</ul>
</li>
<li style="font-weight:400;"><span style="font-weight:400;">Continuously Assess your Web Applications</span>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">Better visibility</span>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">APIs, Login Pages, Web App Types (VPN, Admin panels etc.)</span></li>
</ul>
</li>
<li style="font-weight:400;"><span style="font-weight:400;">Attacks</span>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">Credential Stuffing (Stolen credentials)</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">SQLi, SSRF, and more injection attacks</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Validate Security Control</span>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">SSL, CSP, WAF/Cloudflare, Captcha etc.</span></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li style="font-weight:400;"><span style="font-weight:400;">Perform Social Engineering</span>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">More depth including installing malware and backdoors </span></li>
</ul>
</li>
<li style="font-weight:400;"><span style="font-weight:400;">Continuously Assess your Desktop Sharing Applications</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Continuous Credential Stuffing attacks</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Malware is the second most common action category in breaches. Perform Assumed Breach Scenarios</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Build playbooks to emulate supply chain attacks</span></li>
</ul>
<p> </p>
<p> </p></div>

Highlights from Community Breakfast Series on CISO Platform Index (CPI) and Vendor Evaluation Checklist
https://www.cisoplatform.com/profiles/blogs/highlights-cisoplatform-breakfast-meetup-mumbai-delhi-bangalore
2015-02-25T08:00:00.000Z
pritha (https://www.cisoplatform.com/members/pritha)
<div><p>We are thrilled to have received so many wonderful ideas and suggestions during the breakfast series specifically focusing on CPI findings. Here are the quick highlights!</p>
<p></p>
<p><span class="font-size-4"><strong>What was the objective of the Community Breakfast?</strong></span></p>
<ul>
<li><strong>Preview of CPI Findings:</strong> To present the findings and the rating done by the CISO Platform Community for various products until now. Security officers at the meet were the first to know how individual products got rated by real users. They were also the first in the world to know that. <a href="http://www.cisoplatform.com/profiles/blogs/cpi-cri-framework-concept-note" target="_blank">Click here</a> to know more.</li>
<li><strong>Preview of Product Evaluation Checklist:</strong> To discuss the draft product evaluation checklists on 12 domains (Application Security, BYOD Security, DLP/Data Security, SIEM, IT GRC Management tools…& many more). <a href="http://www.cisoplatform.com/profiles/blogs/common-framework-for-security-technology-evaluation" target="_blank">Click here</a> to know more</li>
<li><strong>Planning of future checklists and Decision Tools:</strong> To select the owners of checklist for each domain who could further present the checklist at the Decision Summit</li>
</ul>
<p></p>
<p><strong>About CISO Platform Index</strong></p>
<p>CISO Platform Index (CPI) - Index developed based on User Satisfaction Survey by CISOs who used the vendor product on different evaluation metrics. <a href="http://www.cisoplatform.com/profiles/blogs/cpi-cri-framework-concept-note" target="_blank">Click here</a> to know more.</p>
<p></p>
<p><strong>About Vendor evaluation checklist</strong></p>
<p>Every CISO creates their own checklist to evaluate vendors; however, a basic common framework can usually be found, which reduces a huge duplication of effort. CISO Platform is working with other CISOs &amp; domain experts to create Vendor Evaluation Checklists for 20 major security domains. <a href="http://www.cisoplatform.com/profiles/blogs/common-framework-for-security-technology-evaluation" target="_blank">Click here</a> to know more</p>
<p></p>
<p><span class="font-size-5"><strong>Community Feedback on CPI during the Meetup</strong></span></p>
<ul>
<li>There was general excitement about the initial report and findings</li>
<li>Some prominent vendors were missing due to a lack of ratings by their customers</li>
<li>Some prominent vendors got low ratings and did not cross the cut off. We asked the participants to agree or disagree. There was general agreement. In cases where the participants disagreed with our initial findings, we requested them to vote</li>
<li>We got around 200 more votes from customers during the series. The more the merrier.</li>
<li>Some of the product categorizations were inappropriate. Thank you for pointing those out. We will fix them before the formal launch.</li>
<li>A few CISOs agreed to volunteer in the next phase of the report creation and fixing of the gaps. Thank you all.</li>
</ul>
<p></p>
<p><span class="font-size-5"><strong>Community Feedback on Vendor Evaluation Checklist</strong></span></p>
<ul>
<li>CISOs were excited about the vendor evaluation checklists</li>
<li>The Excel-based checklist has the flaw of being less suitable for presenting to a larger audience, so we decided to create PPT and Excel versions of each checklist</li>
<li>We got the input that there should be explanations along with the checklist questions to remove interpretation bias.</li>
</ul>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>A Few Photographs:</strong></span></p>
<p><span class="font-size-4">Mumbai</span></p>
<p><a href="http://i57.tinypic.com/2mr5nck.png" target="_blank"><img src="http://i57.tinypic.com/2mr5nck.png" class="align-full" alt="2mr5nck.png" /></a></p>
<p></p>
<p></p>
<p><span class="font-size-4">Delhi</span></p>
<p><a href="http://i57.tinypic.com/2ql4gb6.png" target="_blank"><img src="http://i57.tinypic.com/2ql4gb6.png" class="align-full" alt="2ql4gb6.png" /></a></p>
<p></p>
<p></p>
<p><span class="font-size-4">Bangalore:</span></p>
<p><span class="font-size-4"><a href="http://i59.tinypic.com/ri65v7.png" target="_blank"><img src="http://i59.tinypic.com/ri65v7.png" class="align-full" alt="ri65v7.png" /></a></span></p>
<p></p>
<p></p>
<p></p></div>

2016 Community Achievements &amp; 2017 Goals
https://www.cisoplatform.com/profiles/blogs/2016-community-achievements-2017-goals
2017-03-30T11:30:00.000Z
pritha (https://www.cisoplatform.com/members/pritha)
<div><p><span>2016 has been a great year for the CISO Platform Community and our vision to create tangible community goods. We wanted to thank all those who made valuable contributions to make this happen. </span></p>
<p>We have created 200+ checklists. Some of them are listed here:</p>
<p></p>
<p><strong><span style="color:#3366ff;" class="font-size-5">Partial List of Past community projects-</span></strong></p>
<ol>
<li>Cyber Crisis Management Plan (CCMP) for Banks in India - <strong><a href="http://event.cisoplatform.com/report-cyber-crisis-management-bank/" target="_blank">Click here to download<br /> <br /></a></strong></li>
<li>Top N Threats & Controls Mapping for IT/ITES Industry- <strong><a href="http://event.cisoplatform.com/report-topn-threats-controls-mapping-for-information-technology-industry/" target="_blank">Click here to download<br /> <br /></a></strong></li>
<li><span>Top N Threats and Controls Mapping for Insurance Industry- </span><strong><a href="http://event.cisoplatform.com/report-topn-threats-controls-mapping-for-insurance-industry/" target="_blank">Click here to download<br /> <br /></a></strong></li>
<li><span style="color:#000000;">Top 4 Resources On IoT Security <strong><a href="http://www.cisoplatform.com/profiles/blogs/top-4-resources-on-iot-security-from-task-force-blogathon" target="_blank">Click Here To Read More<br /></a></strong></span></li>
<li>Checklist To Evaluate SIEM Technology - <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-evaluate-siem-vendors" target="_blank">Click Here To Read More<br /> <br /></a></strong></li>
<li>Checklist To evaluate A Cloud Based WAF- <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-evaluate-a-web-application-firewall" target="_blank">Click Here To Read More<br /> <br /></a></strong></li>
<li>Checklist To Evaluate A DLP Technology - <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-evalute-dlp-vendor" target="_blank">Click Here To Read More<br /> <br /></a></strong></li>
<li>(Checklist) Incident Response: How to respond to a security breach during first 24 hours <strong><a href="http://www.cisoplatform.com/profiles/blogs/incident-response-how-to-respond-to-security-breach-first-24-hour" target="_blank">Click Here To Read More</a></strong></li>
</ol>
<p></p>
<p><strong><span class="font-size-5" style="color:#3366ff;">Access 300+ Community Articles/Frameworks we built</span></strong></p>
<p>To read more of the community articles, checklists etc. <a href="http://www.cisoplatform.com/profiles/blog/list?tag=Checklists" target="_blank">click here</a></p>
<p></p>
<p><span class="font-size-5" style="color:#3366ff;"><strong>2016 Community Achievements</strong></span></p>
<ul>
<li><strong>8</strong> <strong>Successful Task Force Initiatives </strong>which created various best practices documents like Crisis Management Framework, Top N Threats Frameworks etc.<br /> <br /> (For more details on Task Force Initiative and contribution <a href="http://www.cisoplatform.com/page/ciso-platform-task-force" target="_blank">click here</a> )<br /> </li>
<li><strong>10+ Playbooks</strong> <strong>Created</strong> which summarised the community learning in the form of practical reference documents. Thanks to those who hosted or agreed to host such <strong>Round Tables</strong> in their offices for more intimate knowledge sharing.<br /> </li>
<li><strong>150+</strong> Blogs and Articles were published on CISO Platform<br /> </li>
<li><strong>25+</strong> Community RFPs Created<br /> </li>
<li><strong>SACON- India's 1st & Only Security Architecture Conference</strong> was started to bridge the skill gap in security architecture. We have a lot of hackers (ethical or otherwise) but very few security architects. We had <strong>more than 250 people</strong> who participated in Bangalore and Goa<br /> <br /> (For more details on SACON event <a href="http://sacon.io" target="_blank">click here</a>)<br /> </li>
<li><strong>CISO Platform 100 global initiative is promoting the top 100 influencers of the industry</strong>. At Kochi we hosted <strong>India's top 100 influencers who are shaping the future</strong> of the industry and the country<br /> </li>
</ul>
<p></p>
<p><span class="font-size-5" style="color:#3366ff;"><strong>Focus for 2017</strong></span><br /> <br /> <strong>Technical Focus Areas: </strong><span>Incident Response, Security Architecture, Fintech Security (for cashless India), IoT Security. Apart from these, we will continue with the earlier initiatives.</span><br /> <br /> <strong>Key Community Programs:</strong><span> Task Force, Playbooks and Wargaming. </span><br /> <br /> <strong>"CISO Platform 100" Community Projects- </strong><span>Promote the spirit of giving to the community to shape the future of our industry, country and society.... Let's inspire the next generation... Let's create a dent in the world.</span></p>
<p></p></div>