OFFENSIVE TACTICS: Account Takeover Ransomware is a follow-on attack from another, more ubiquitous problem known as Account Takeover (ATO). For criminals, it’s a short and clear path from obtaining stolen credentials to penetrating your network and bringing business to a halt. In a typical scenario, the ransomware operator obtains stolen credentials through middlemen who specialise…
OFFENSIVE TACTICS: DORMANT MALWARE Once within the network, malware can remain undetected for months or even years. Either security systems lack the sensitivity to spot the intrusion or hackers deliberately design malware to remain in the shadows by minimising changes, turning off detection tools or disguising malware as a legitimate app. Staying dormant allows hackers…
OFFENSIVE TACTICS: EXPLOITING IDENTITIES The switch to remote working induced by the pandemic and subsequent shift to hybrid working has amplified the risk of human error as password disciplines have become harder to control, data is shared more widely and companies transfer critical functions to the cloud. Cyber-criminals see people and their identity credentials as…
OFFENSIVE TACTICS: NEW & LEGACY SYSTEMS With developers typically focusing on supporting latest versions, operating systems are often given less attention and may become a major security risk. Attackers are quick to identify and exploit these vulnerabilities across widely used new or legacy operating systems. EFFECTIVE DEFENCE: BLACKBERRY Together, BlackBerry Protect Mobile and BlackBerry Unified…
OFFENSIVE TACTICS: EMAIL Email is one of the most common vectors for malware to penetrate an organisation. Phishing preys on human error by sending emails pretending to be from reputable sources to induce individuals to reveal personal information such as passwords and credit card numbers EFFECTIVE DEFENCE: IRONSCALES Anti-Phishing platform covering the full spectrum of…
OFFENSIVE TACTICS: ATTACK BEYOND THE NETWORK Hackers think beyond your network to attack digital assets outside the firewall and reach via the Internet. This includes your website, servers and third-party networks as well as shadow IT and rogue assets that could be impersonating your website to extract your data. Many organisations have usernames and passwords…