
From The CTO’s Office

Hanna Mathai

By Nicolai Solling, Chief Technology Officer

Dear Reader, It is with great pleasure that we are presenting you with Help AG’s Q2 2022 Threats and Vulnerabilities Report.
In these quarterly reports we take a step back to look at the data we acquire from our operations to identify cybersecurity trends that impact the region.
Due to the vast amount of data that we process, we believe that we have the ability and the advantage to give an unprecedented look into what is happening in the realm of cybersecurity.
For you as a client, I hope you can convert these insights into better processes, capabilities and responses – as it is all about learning and understanding that these cyber attacks are now pervasive and constantly introduce business risks that could impact both organizations and individuals.
I want to highlight a few elements from the report that I personally found very interesting.
In the section from our Incident Response team, there is a full breakdown and description of how Ransomware as a Service (RaaS) providers – yes, such a thing exists! – operate.
Our team has provided a technical breakdown, and even if you may find it too detailed, it gives you a very good idea of the advanced attacker capabilities we are all dealing with as we try to stay secure.
Another section I would like to highlight is the one from our Head of Cybersecurity Analysis, where he sheds light on some of the areas that organizations must improve in. Unfortunately, we still see how easy it is for adversaries to trick users into aiding attacks and gaining the first foothold into the organization, and then utilizing different attack techniques on critical systems like the Active Directory (AD) to cause further impact and damage.
The topic of AD, as far as I am concerned, is still one of the most underinvested areas from a cybersecurity perspective. There are three elements of AD that make it a specific focus for attackers today, and therefore why we as defenders should protect it.
Active Directory is present in all organizations around the world, creating an economy of scale for attackers. If they find just one weak spot, they can attack and utilize it everywhere.
Most cyber attacks require access to privileges, and these privileges are obtained via exploitation of AD vulnerabilities, weak configurations in the AD, and poor security monitoring of the AD.
Finally, organizations use AD for any and every authentication today, making us incredibly dependent on the availability of this system. Hence, if attacked, it will completely disrupt business operations.
It is important to keep in mind that just like we know this, the attackers know this too. At Help AG, we have recognized how vital it is to ensure the availability of our company’s Active Directory and the need to protect it. We now have the capability to recover our organization’s AD in just 20 minutes from a total wipe-out scenario.
If you have not tested the security of your AD lately, I urge you to contact us so that we can help you, as well as focus on and test how quickly you can recover your Active Directory with your existing methods.
This report also gives me a great opportunity to shed light on some of the things we are busy with in Help AG – and we have not had a moment to spare!
Our Security Operations Centre (SOC) in the Kingdom of Saudi Arabia is now fully operational, and we have onboarded our first clients for 24×7 Managed Detection and Response services.
Due to data regulations and requirements in Saudi Arabia, we believe that our ability to deliver local services with local resources, coupled with our excellent track record and capabilities, enables us to make a significant contribution. We are of course not starting from scratch, as we leverage our centralized capabilities and functions from our MSS services in the UAE.
Behind the scenes, we are making great strides in unifying management of use cases and response frameworks across our client base, which will translate into even greater and stronger automation and response capabilities.
While we are all making great advancements to protect our clients better, it still concerns me that the threat landscape continues to become increasingly complex, owing to the fact that current geopolitical tensions have an impact on cybersecurity, and that cyber attacks have become a perfect crime with very limited negative impact on the perpetrator. We are dealing with complex scenarios, where attribution is a challenge and prosecution very difficult, often leaving the crime unsolved or without punishment.
Until a proper balance is established, and the business model of the attacker is challenged, we are unfortunately in a situation where we will continue to witness constant attack attempts, with some of them being successful.
As I often say, cybersecurity is binary: As protectors we need to be right every single time, whereas the attackers only need to be right once!
Stay safe.
