Articles of interest from the week of March 2, 2020

'Malware-free' Attacks Now Most Popular Tactic amongst Cybercriminals

Malware-free or fileless techniques accounted for 51% of attacks last year, compared to 40% the year before, as hackers turn to stolen credentials to breach corporate networks, reveals CrowdStrike's latest threat report. (By Eileen Yu, ZDNet) Ingalls: Our MDR (Managed Detection and Response) services offer layered cybersecurity controls for effective risk management and rapid response. It was designed to be a method of proactive prevention against security threats to your environment, especially zero-day threats, making it one of the industry's leading cybersecurity tools. MDR is critical when it comes to staying ahead of all kinds of threats, detecting and stopping them before they become breaches.

Educating Educators: Microsoft's Tips for Security Awareness Training

Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices. (By Kelly Sheridan, Dark Reading) Ingalls: Your organization's security is only as strong as your employees' awareness. Strengthen your defenses against social engineering attacks with our specialized training and testing programs to provides effective awareness and prevention to your company.

Hackers Use Windows 10 RDP ActiveX Control to Run TrickBot Dropper

A group of hackers is using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap that was seen recently adopted by TrickBot for delivery. (By Ionut Ilascu, Bleeping Computer) Ingalls: Having spent the last decade in war rooms and boardrooms investigating attacks by criminals and nation-state sponsored hackers, our team understands how to prevent and respond to cyber attacks. Even with the best controls in place, a security incident can still happen. In fact, when we talk in terms of incident response it may not necessarily refer to a breach, but an attempted breach. Regardless, whatever is responsible for triggering a response, our team of experts has the experience to resolve cyber attacks quickly and discreetly in order to get you back to normal as fast as possible.

How Device-Aware 2FA Can Defeat Social Engineering Attacks

While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why. (By Markus Jakbosson, Dark Reading) Ingalls: In today's office, employees are bringing more and more of their own devices onto your company's network, including potentially infected mobile phones. Endpoint detection and response lets you find and destroy malware before it executes. Our AI driven software platform enables dynamic threat detection and immediate remediation efforts.

These Are the First Passwords Hackers Will Try when Attacking Your Device

Haven't changed those default passwords yet? You really should. (By Steve Ranger, ZDNet) Ingalls: Having strict password requirements is an example of an often overlooked but extremely important security measure that needs to be taken in your organization. Security policies mandate steps employees and managers should take to keep information secure and help guide individuals to make good decisions, so having strong policies is vital. Let us help review and test your policies to ensure adherence and effectiveness.