Has your cybersecurity been compromised?





We respect your privacy, and we hate spam as much as you. Which is why we will never share your email address with anyone.

Enquire Now

ARE YOU A VICTIM OF SHAMOON? WE’RE HERE TO HELP

By   |  Posted Wednesday, 1st February 2017

Since the Shamoon attack took place on the 21st of January 2017, the Help AG Managed Security Services (MSS) team has been working extensively with organizations across Saudi Arabia on their digital forensics and clean-up activities.

In this blog, we shall highlight the technologies that could have protected organizations, and present the solutions that we at Help AG offer to help secure our customers.

Privileged Identity Management:

As the effectiveness of Shamoon was made possible because of its use of admin credentials, Privileged Identify Management (PIM) and Privileged Access Management (PAM) are technology areas worth considering.

A PIM solution creates an interface between the administrative user in the organization and the system that is being managed. The general idea is that the administrator no longer knows the admin password, but that he is “granted” admin access from the PIM/PAM system. It is therefore the PIM/PAM system that has administrative rights and not the user.

Help AG works together with Beyond Trust on PIM/PAM solutions and will be happy to discuss this area with you: https://www.beyondtrust.com/products/powerbroker/

E-Mail Sanitization:

It is believed that Shamoon’s initial phases were delivered by a spear-phishing email- simply, an email with an attachment which executed the malware on the user’s machine. The major issue here is that seemingly harmless attachments can create a lot of damage within an organization, aiding in everything from credential thefts to crypto-malware

Today, there are technologies available which can look at inbound e-mails and deconstruct attachments- basically breaking up the attachments into their functional elements and then reconstruct the, without the potentially harmful parts. An example could be a word-file being sent to you with a macro embedded in it. With the correct technology, that word file can still be delivered to the user, but only after the macro has been removed from the file.

Help AG works with OPSWAT on data sanitization. The solution is installed as a mail transfer agent after your existing e-mail defences and therefore does not require any change to user behaviour. We also integrate OPSWAT with sandbox solutions, which means you can perform behavioural based analysis on e-mail attachments. For more information on OPSWAT please get in touch with us and visit: https://www.opswat.com/products/metadefender/email-security

Threat Intelligence for Existing Security Platforms

In case you have existing Next Generation Security Platforms, it can be beneficial to look at enabling Threat Intelligence Feeds. As an example, with Palo Alto Networks, the Wildfire feature set is interesting to investigate. Or if you have Cisco, the AMP feature set, and in Fortinet the Advanced Intelligence Subscriptions.

Help AG MSS provides a dedicated Threat Intelligence service which can also be subscribed to and ingested directly into your security infrastructure.

Threat Isolation of Privileged and Sensitive users

Threat isolation is a new technology which has recently started to appear. The technology works by executing websites in an isolated centralized platform and then delivering the rendered webpage to the user utilizing the solution.

The benefit of the solution is that your privileged user’s machine never executes any client side components, and therefore is also isolated from attacks from websites or potential URL phishing. Help AG work with Menlo Security on these technologies https://www.menlosecurity.com/

Client Application Whitelisting

Application whitelisting can be a very efficient way of dealing with Shamoon, as it can stop untrusted executables from running on user machines.

Help AG works with a number of vendors, which have application whitelisting solutions. These include Carbon Black Protect and Symantec Endpoint ProtectionPalo Alto Networks recently added signing certificate validation to the TRAPS platform, which also can add value.

It should be noted that there are of course big differences in the capabilities of each platform, but if you have any of them deployed. you should investigate how you can harden your environment.

Managed Security Services

Shamoon executed at 4 am on the 21st of January. Were you monitoring your environment at that time?

Customers subscribed to our Managed Security Services are already covered by a number of use-cases specifically focusing on suspicious account behaviour. Furthermore, we have enabled inspection for Shamoon’s indicators of compromise for our MSS customers.

Should you need any technical assistance or guidance in managing this or any other cyber threats, contact the Help AG Cyber Security Operation Center (CSOC).

Blog By:

Help AG Managed Security Services Team

RELATED POSTS

LET’S START AT THE END(POINT)

Cyber security encompasses a number of solution, policies, procedures and practices- and it’s a list that keeps growing as cyber criminals fine tune their strategies and find new…

Read More

OUTSOURCING SECURITY? HERE’S 6 TIPS FOR SUCCESS!

In recent years, numerous high-profile attacks and countless more unreported security breaches have placed cyber security front and centre in IT discussions. Every CEO wants to hear a…

Read More

TOP MIDDLE EAST CYBER THREATS-07 JUNE 2018

At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a…

Read More

Back to Top