(MENAFN – Arab Times) KUWAIT CITY, Jan 9: Three people suspected of involvement in the hacking of the Kuwait News Agency (KUNA) Twitter account are under investigation, reports GDNonline.com.
Meanwhile, Information Minister Mohammed Al-Jabri announced the establishment of a neutral probe committee to investigate the hacking incident.
A fake government statement was posted on KUNA’s Twitter account saying all US military forces in Kuwait would be withdrawn imminently. The head of the Kuwaiti government’s communication office Tareq Al-Muzarem refuted the report, adding that KUNA’s Twitter account had been ‘hacked’.
Flaws in email security are among the leading causes of cybersecurity incidents for many organizations. Whether it’s ransomware, business email compromise (BEC) attacks, or a spear-phishing email that leads to cyber criminals gaining access to sensitive data, email is the common denominator.
While there are many types of email attacks, unauthenticated email domains which allow bad actors to impersonate a person or an organization are an especially devious and difficult-to-detect vector used by many phishers. One email is all that is needed to launch a devastating and highly sophisticated cyberattack.
Risks of unauthenticated email domains
There are many inherent risks associated with unauthenticated domains, but the biggest one is the risk of email attacks that appear to be coming from a sender in your organization. Such emails might be directed at your employees, or they could be sent to customers, partners, or other members of the public. These attacks often pass through undetected by the content filtering technologies used in secure email gateways. Why? Because there is typically nothing in the content of the email itself, such as malware, links, or attachments, to trigger the gateway. And, because these messages contain your organization’s exact domain in the “From” field, they can be very difficult for humans to detect, as well.
Beyond phishing, attacks sent from unauthenticated domains also impact the organization’s email deliverability. If receivers detect a large volume of fakes coming from a domain, they will downgrade that domain’s reputation, affecting legitimate email as well. In some cases, this can be bad enough to stop virtually all legitimate email sent from that domain.
The importance of DMARC enforcement
If you’re reading along and wondering what you can do to secure your email domain, the answer is simple – implement email authentication with Domain-based Message Authentication, Reporting and Conformance (DMARC).
Your organization may have already implemented Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), two email authentication methods that DMARC builds upon. DMARC relies on and extends the benefits of SPF and DKIM and can eliminate exact-domain phishing and prevent brand and executive impersonation attacks.
A key benefit of DMARC is that it gives domain owners the ability to specify a policy for how they’d like receivers to handle email messages that fail authentication. The enforcement policy allows domain owners to tell email receivers to put unauthenticated messages in the spam folder or reject them entirely — effectively blocking impersonators.
When a DMARC record is set to a policy of reject or quarantine — what we refer to as being at enforcement — it is the most efficient and effective deterrent of impersonation-based attacks. Enforcement is critical: Having a DMARC record without enforcement is like putting a bouncer at the front door who checks everyone’s ID — but then lets everyone in regardless of whether they’re on the guest list or not.
How Valimail helps you reach enforcement in weeks – not months or years
While DMARC implementation is a critical security measure, there are some significant pitfalls many companies face on their journey to DMARC enforcement. Trying to configure DMARC, SPF, and DKIM is time-consuming, frustrating, and difficult to do manually. That’s why it typically takes months or even years for most organizations.
Valimail offers a simple and easy-to-manage process to get your domain to DMARC enforcement, and to do so quickly.
First, you do a single DNS update to point your DMARC record to the Valimail Cloud.
In Valimail’s interactive interface, email sending services are listed by name, not IP address, simplifying identification and management. We make this identification more completely and more accurately than any other provider in the market. You can easily select the sending services that you want to allow to send as your domain. If you decide to add or remove a sending service or change a vendor, click the drop-down menu, and make the change.
Once you’ve whitelisted all the senders that should be able to use your domain, you’re ready to move to enforcement. Again, with Valimail’s point-and-click interface, this is a simple selection — no DNS updates are required.
Valimail will leverage any of the work you’ve already done towards DMARC enforcement so that you won’t start all over again. And unlike other solutions, 90% of Valimail’s customers reach enforcement in less than four months. An in-house IT professional typically spends less than 20% of their time in the process of getting to DMARC enforcement with Valimail. Once at DMARC enforcement, that time drops to almost zero.
Ready to start on a winning path towards DMARC enforcement? Drop us a quick note, and we’d be happy to help.
The post Less than 10% of enterprise email domains are protected from spoofing — is yours? appeared first on Valimail.
*** This is a Security Bloggers Network syndicated blog from Valimail authored by Valimail. Read the original post at: https://www.valimail.com/blog/enterprise-domain-spoofing/
In 1885, a psychologist named Hermann Ebbinghaus published his theory on education retention called the Forgetting Curve. His research theorizes that most people forget up to 80 percent of what they’ve learned within 48 hours, unless the information is reviewed time and again. With Deloitte reporting that 67 percent of employees believe their careers require them to receive regular skills updates, corporate trainers are constantly creating workarounds to minimize its impact. Given the validity of the Forgetting Curve, why do we still train SOC staff using quarterly classroom courses or plan bi-yearly tabletop exercises if they’re not effective?
Certainly, there was a time when training SOC teams using classroom sessions, tabletops, in-person demonstrations, webinars, and dense tomes of instruction manuals sufficed. But the world has changed. Networks are exponentially more complex, attackers more sophisticated, and constantly shifting risk vectors have fundamentally changed the nature of cyberdefense. These methods, “Training 1.0,” have provided diminishing returns to the point where using them on their own has become a waste of time and resources. So we responded, evolved, and came up with Training 2.0.
With v2.0 we added essential hands-on components. We added sandbox environments and the ability to look at snapshots of a network during and after an attack. We practiced forensics, performed root cause analysis, and viewed log files. We created capture-the-flag challenges to hone pen-testing skills and added “what-if” scenarios requiring trainees to write simple scripts. Some trainers used gamified environments where trainees could earn badges, credits and
These improvements have greatly helped to develop competency, but they don’t prepare SOC teams for the experience of a real-world cyberattack. Investigating a snapshot of a network or running code in a sandbox is great, but it doesn’t capture the stress of a live attack. Modern cyber defense requires SOC analysts to detect, investigate and respond to an attack as it unfolds over the course of several hours, under severe time pressure. Furthermore, without consistent practice, the tools and procedures required for rapid response will be quickly forgotten.
So, given the growing need to train and retain competent cybersecurity professionals, employers sought a third option. “Training 3.0” features a new training modality – Experiential Learning, which is exactly what it sounds like — learning by doing, a.k.a., hands-on training. Using a platform called a SOC teams respond to simulated cyberattacks that expose them to the reality of an escalating cyberattack and all the factors that might impact their ability to perform in the moment.
Experiential learning techniques such as simulated phishing attacks have become the norm for end-user awareness training, but most companies have been slow to adopt them in the SOC. That’s slowly starting to change, but the magic of Training 3.0 occurs when hands-on training is combined with frequent repetition. The combination of these techniques enables SOC teams to develop “muscle memory” for critical skills while enabling employers to gauge how well analysts perform in high-stress situations and respond to curveballs during a disruptive attack.
Experiential Learning needs to become the standard for training cybersecurity professionals. It’s not just a good training decision, it’s a good business decision for three main reasons.
First, experiential learning accelerates competency. Every attack is unique – when your SOC team has practiced dealing with surprises, they’re not easily rattled or blindsided and will respond more appropriately. In addition to developing technical skills, cybersecurity teams also develop soft skills such as critical thinking, problem-solving, and decision-making.
Second, it bridges the gap between theory and practice. Simulated cyberattacks are as real as they get. They take playbooks off the page and provide SOC teams with firsthand experience dealing with cyberattacks before they encounter a critical attack on the job. This ensures SOC staff are prepared and equipped to deal with worst-case scenario situations using the “muscle memory” they acquired through regular practice.
Third, it delivers exceptional return on investment. After delivering more than 300,000 training sessions, we’ve learned that frequent hands-on training sessions reduce the time it takes a new cybersecurity employee to be cleared for operational readiness by 66%. That means a new analyst can be ready in 1/3 of the time that it would take versus other training methodologies. In a world where it takes three-plus months to recruit and up to a year to fully train cybersecurity staff, that means a shorter exposure period, a quicker reaction time, and faster time to staff an operational SOC.
By turning thought processes into a force of habit — into “muscle memory,” Experiential Learning enables organizations to forget about the Forgetting Curve once and for all.
For FastMed Urgent Care, speed and efficiency are about much more than creating operational excellence. It translates into prompt, personal, and high-quality medical care where and when patients need it.
With a laser focus on providing best-in-class family and occupational healthcare, FastMed is constantly looking for ways to improve their response time. This includes embracing innovative technologies, but new solutions can often bring out difficult new technological challenges as much as they improve patient care. Over time, FastMed had accrued a seemingly endless number of databases, websites and apps that hospital staff needed to access, often multiple times each day.
“Our team was accessing so much information from so many different resources, they were drowning in usernames and passwords,” said Wayne Dale, application security manager at FastMed. “And they were storing those passwords in the usual places — on sticky notes stuck to monitors, in Word files and in their heads.”
FastMed’s mission is to handle both wait times for care and patient privacy with the utmost sensitivity, and they needed a helping hand to accomplish that. That’s where Idaptive came to the rescue.
A Quick Fix
FastMed was looking for a solution that remedied three core issues: password management that would enable single sign-on, easy installation and management, and the ability to “lock-up” their passwords. With the ability to integrate cloud apps and web logins with Active Directory (AD), Idaptive was the quick fix for everything on FastMed’s list.
“We also really wanted to take advantage of Idaptive’s ability to store a single login for each resource, which can be shared without individual users knowing or having access to the root password,” explained Dale. FastMed was able to port every app, website, and cloud service that FastMed uses across the organization into Idaptive, and within minutes they appeared on user dashboards. “Adding apps into the Idaptive portal is about as simple as it gets.”
In less than two weeks, FastMed had more than 1,000 users securely accessing over 200 apps, websites and cloud services (virtually every resource required for the organization) all with single sign-on via AD credentials.
Only Positive Side Effects
Idaptive also saved the organization thousands of dollars on reduced help desk calls for password tickets and has eliminated the complexity and hassle of multiple usernames and passwords with easy, one-click access for FastMed’s professionals. “We estimate that an average help desk call costs $15 to $30. Eliminating a couple of hundred calls a month saves us thousands of dollars every year,” said Dale.
Most importantly, in the era of data breaches and increased scrutiny for user privacy, FastMed has made patient information more secure. Healthcare organizations are among the most targeted by hackers, but with Idaptive, FastMed ensures HIPAA compliance without slowing down clinical staff or overburdening them with security steps, allowing them to focus on quality patient care. For this reason, FastMed plans to make Idaptive mandatory for all employees this year, and extend its mobile device management (MDM) capabilities to a growing number of commonly used devices like iPads.
FastMed’s Urgent Care clinics promise convenient, immediate and family-friendly care every single day, no exceptions. Thanks to Idaptive, they’re able to make good on that promise and deliver improved services, with shorter wait times and more secure patient privacy.