Top-Clicked Phishing Email Subject Lines of Q4 2018


Wondering what the top phishing email subject lines from Q4 of 2018 were? KnowBe4 reports on this every quarter. Take a look at the infographic; you may be surprised to see what hackers are using!

Here at Cybriant, we are no longer surprised to see the phishing email subject lines that our users click on. Even the best, most highly trained employees can be tricked. It seems you have to be suspicious of each and every email that comes into your inbox.

Through our PREtect ADVANCED service, we have the ability to stop any malicious activity before it can execute. 

PREtect ADVANCED is the second level of our tiered cybersecurity service, adding next-generation endpoint technology which utilizes AI and machine learning to insulate endpoint devices from malicious code while capturing and analyzing forensic data which Cybriant’s Security Engineers can then utilize to further isolate and remedy the threat.

PREtect ADVANCED features Endpoint Protection Including:

  • True Zero-Day Protection
  • AI-Driven Malware Prevention
  • Script Management
  • Device Usage Policy Enforcement
  • Memory Exploitation Detection and Prevention
  • Application Control for Fixed-Function Devices

Top Phishing Email Subject Lines

Even with this amazing service, you should always train your employees to know what to look for. According to the infographic below, the top general phishing email subject lines are: 

  1. Password Check Required Immediately
  2. Your Order with Amazon/Your Amazon Order Receipt
  3. Announcement: Change in Holiday Schedule
  4. Happy Holidays! Have a Drink On Us.
  5. Have a Drink on Us
  6. De-Activation of [[EMAIL]] in Process
  7. Wire Department
  8. Revised Vacation & Sick Time Policy
  9. Last Reminder: Please respond immediately
  10. UPS Label Delivery: 1ZBE312TNY00005011

From KnowBe4, the top security awareness training company:

KnowBe4 reports every quarter on the top-clicked phishing emails. Here we have the results for Q4 2018. We track three different categories: general email subjects, those related to social media and ‘in the wild’ attacks. The results come from a combination of the simulated phishing email subject lines used by our customers as well as from the millions of users that click our no-charge Phish Alert Button to report suspicious emails to their IT Incident Response team.

Trends That Persisted Throughout 2018

In reviewing the Q4 2018 most clicked subject lines, trends were easily identified; five subject line categories appeared quarter-over-quarter throughout 2018, including:

  • Deliveries
  • Passwords
  • Company Policies
  • Vacation
  • IT Department (in-the-wild)

Additionally, three “in-the-wild subject lines” were clicked three out of four quarters and included Amazon, Wells Fargo and Microsoft as keywords.

The Subject Lines Tell Us Users Are Concerned About Security

“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security.

Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click.”

Here is the full InfoGraphic of top subjects in all categories for the last quarter, the top 10 most-clicked general email subjects in Q4 2018, and most common ‘in the wild’ attacks during that period.

Read the full report here. 


2019 Guide to Managed EDR Security


Managed EDR Security is more important in 2019 than it ever has been. Here are our top guides and recommendations for managed endpoint detection and response.


Endpoints are attackers’ favorite targets. They are the weakest link in your company’s network. In 2017, it was reported that the WannaCry attack exposed the vulnerabilities of 230,000 endpoints around the world. To this end, installing an endpoint detection and response (EDR) solution is a VITAL aspect of cybersecurity for every company that needs to be proactive against modern-day threats.

What is EDR?

EDR is primarily a technology which brings a proactive approach to the issues of cybersecurity. Most traditional products are reactive to security threats; that is not the case with EDR. EDR security does a great job of monitoring endpoints in real time, hunting for threats which have found their way past the company’s defenses. You’ll also get greater visibility into what is happening on endpoints, and even mechanisms to help mitigate the attacks.

One of the tactics synonymous with cybercriminals is the compromise of endpoints, which enables them to establish a foothold on the network. With rapid detection and response to such attacks targeting hosts (laptops, desktops, and servers), you can be a step ahead in securing your IT infrastructure.

What is Managed Detection and Response?

Managed detection and response security is a service that exists because organizations need resources to understand their risks and to improve their ability to detect and respond to threats.

Companies have their own sets of tools and procedures that they employ to detect and respond to threats. But all MDR services share similar characteristics:

  • MDR is more concerned with threat detection than with compliance.
  • Services are delivered using the tools and technologies of the provider, but deployed on the premises of users.
  • MDR is highly dependent on security event management and advanced analytics.
  • MDR is associated with incident validation and remote response.

Why Choose Managed Endpoint Security?

With the current level of cybersecurity breaches, your company’s ability to detect and respond to threats is critical. Lacking the complete picture of what is going on across your environment might put you in a vulnerable position when a threat surfaces.

Managed Endpoint Security Benefits

  • Improving detection capabilities, not just network-based monitoring
  • Identifying threats beyond traditional preventative security
  • Finding the root cause of attacks quickly and effectively
  • Looking out for threats with suspicious behavioral patterns
  • Separating infected hosts from the network

How Secure is EDR?


Technology is increasingly becoming sophisticated, and cybercriminals are also getting better at their game to keep up. Cyber threats are evolving, and antivirus no longer provides the same level of protection it once did, whether detecting suspicious activity or protecting your device against malware. Cybercriminals are deploying advanced threats to get ahead in this game. Verizon’s 2017 Data Breach Investigations Report found that over half of breaches were malware related; a year later, their 2018 Data Breach Investigations Report records malware in only 31% of breaches.

It then becomes expedient to actively monitor behavioral events at the endpoint level, which is now the new standard. Using EDR security in conjunction with AV allows you to detect abnormal behavior, an excellent indicator of compromise that an AV solution alone is not capable of detecting.

3 Types of Attacks That AV Will not detect

  1. Zero-day attacks

A zero-day is exactly what it sounds like: it is exploited as soon as the weakness in AV protection is found, before a fix is available. AV may detect a malware signature (a contiguous sequence of bytes within the malware), but a zero-day attack that manipulates the malware can sneak past traditional AV with ease.

  2. Ransomware attacks

Ransomware attacks involve software downloaded with the help of an unsuspecting victim through an infected email attachment, such as a Microsoft Word document. AV cannot protect against ransomware whose signature it does not recognize, and sometimes that signature is difficult to recognize.

  3. Fileless malware attacks

Fileless malware attacks abuse existing Windows tools instead of malicious software installed on the victim’s computer. As a result, the AV has no signature to pick up on.

Why Managed EDR Security Will Detect These Attacks 

EDR security is not concerned with the kind of malware or virus introduced, only with the behavior it exhibits. If that behavior indicates suspicious activity, EDR identifies it and immediately sends an alert. Continued monitoring of indicators of malicious activity protects against further threats.

AV protection cannot be relegated to the background, but combining it with EDR gives a defense-in-depth approach to your overall security apparatus.

Managed EDR Security to boost Existing Security

MDR is offered to augment the existing security infrastructure and to contain threats that could bypass traditional controls. Threats such as network attacks, fileless malware, targeted attacks, etc., are crafted to be difficult to detect.

Most organizations are more concerned with where threats enter and exit the network. But more often than not, the lateral movement of threats once they are inside the system receives less attention.

Managed EDR security does not in any way replace traditional anti-virus software; it supplements it, working together with the anti-virus, which blocks obvious threat indicators. These types of security threats cannot be tamed by conventional security controls, especially those associated with continuous detection and response. EDR cannot block threats on its own, but it can carry out root cause analysis and possibly identify the devices that have been infected.

Typical use cases for Managed Endpoint Detection and Response

  • Identifying and subsequently blocking malicious executables
  • Controlling which scripts execute: where, how, and by whom
  • Managing the use of USB devices and preventing the use of unauthorized devices
  • Disabling attackers’ ability to use various fileless malware techniques
  • Preventing malicious email attachments
  • Identifying and preventing zero-day attacks

Merging SIEM with EDR

Organizations, and even security providers, are gradually moving from SIEM (Security Information and Event Management) to EDR (Endpoint Detection and Response). However, it may not be the best decision for the security of your IT infrastructure. These technologies are quite similar but fundamentally different. EDR may be a fantastic technology, but it does not suffice to replace SIEM.

To speedily understand the full scope of an attack, one can merge SIEM and EDR and monitor both from a single console.

Why should we deploy multiple tools—whose integration barely happens—if we don’t have to?

In today’s world, traditional SIEMs, which depend on logs and related correlation rules, find it challenging to detect sophisticated attacks. The combination of logs, endpoint data, network packets, etc., can go a long way toward automating threat detection and giving the security team the opportunity to investigate advanced attacks. Several SIEMs lack this combination, or offer only a weak add-on and assume they have a complete solution. This is barely sufficient for your infrastructure, and you may soon find yourself in a compromised state.
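As an added example (not Cybriant’s code and not from any product the page describes), the following Python script shows the kind of correlation the paragraph above calls for: endpoint process-start events from an EDR and outbound-connection lines from a proxy log, both constructed here, are placed on one timeline so that each connection is attributed to the process on that host that most likely made it, and connections attributed to a script host are flagged. The two log formats, the 120-second attribution window, the list of script hosts and every host, time and destination are assumptions.

```python
"""Correlate EDR process starts with SIEM proxy/egress logs on a single timeline.

Added example. Assumptions (not from the page): both sources are space-separated
text with the fields shown below; all hosts, times and destinations are constructed.
"""
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ATTRIBUTION_WINDOW = timedelta(seconds=120)  # how far back to look for a process start


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_edr(raw: str) -> list:
    """EDR process starts: '<timestamp> <host> <pid> <image>' per line; bad lines skipped."""
    out = []
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, pid, image = parts
        out.append({"time": _ts(ts), "host": host, "pid": int(pid), "image": image.lower()})
    return out


def parse_proxy(raw: str) -> list:
    """Proxy egress records: '<timestamp> <host> <destination> <bytes>' per line."""
    out = []
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, dest, nbytes = parts
        out.append({"time": _ts(ts), "host": host, "dest": dest, "bytes": int(nbytes)})
    return out


def correlate(edr_events, proxy_events) -> list:
    """Attribute each outbound connection to the most recent process start on the same
    host within ATTRIBUTION_WINDOW. A connection with no candidate stays unattributed
    (process None) rather than being guessed."""
    results = []
    for conn in proxy_events:
        candidates = [e for e in edr_events
                      if e["host"] == conn["host"]
                      and timedelta(0) <= conn["time"] - e["time"] <= ATTRIBUTION_WINDOW]
        proc = max(candidates, key=lambda e: e["time"]) if candidates else None
        results.append({
            "time": conn["time"], "host": conn["host"], "dest": conn["dest"],
            "process": proc["image"] if proc else None,
            "pid": proc["pid"] if proc else None,
            # a script interpreter talking to the network is worth an analyst's look
            "suspicious": proc is not None and proc["image"] in SCRIPT_HOSTS,
        })
    return results


def attack_scope(correlations) -> dict:
    """Hosts and destinations tied to suspicious process-to-network activity."""
    hits = [c for c in correlations if c["suspicious"]]
    return {"hosts": sorted({c["host"] for c in hits}),
            "destinations": sorted({c["dest"] for c in hits})}


# Constructed sample data (hypothetical hosts, pids, times and destinations).
EDR_EVENTS = """\
2019-01-14T09:02:10Z WS-0142 4120 winword.exe
2019-01-14T09:02:41Z WS-0142 4388 powershell.exe
2019-01-14T09:05:00Z WS-0077 2210 chrome.exe
"""
PROXY_LOG = """\
2019-01-14T09:02:45Z WS-0142 203.0.113.27 1843
2019-01-14T09:05:03Z WS-0077 example.com 91000
2019-01-14T09:40:00Z WS-0142 198.51.100.9 512
"""

if __name__ == "__main__":
    rows = correlate(parse_edr(EDR_EVENTS), parse_proxy(PROXY_LOG))
    for r in rows:
        print(r)
    print(attack_scope(rows))
```

The third proxy line deliberately has no process start within the window, so it is reported as unattributed instead of being pinned on the 37-minute-old PowerShell start; real EDR feeds would add process-exit events and per-process network telemetry to tighten that attribution.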

As cyber threats continue to manifest in different ways, your security strategy should be fine-tuned to conform to current challenges. While endpoint security may be vital to your IT architecture, there is a need to ensure that emerging threats and unwanted applications are not jeopardizing your company’s reputation or profits. Having a system that detects and responds rapidly to modern-day threats is indeed undebatable!

Stop Advanced Threats at the Endpoint

7 Reasons You Need Managed EDR Security


By using managed EDR Security solutions with AI and machine learning technology, your organization will be able to prevent malware attacks before they can execute. Here’s how. 

Imagine. You just started a new job as the Global Information Security Director for a large multi-national organization. Your first recommendation – adding an Endpoint Detection and Response (EDR) security technology – was implemented over the weekend. The first report is available from the initial scan. Holy #$%^. You have just discovered an active threat to your organization. You have two realizations:

  1. You are a HERO. You are going to save the company from a cyber threat that the legacy antivirus completely missed.
  2. You have no idea what to do next. You know this is going to require an overwhelming amount of work to eliminate these threats. And you don’t know where to begin.

By using a managed EDR security service, you’ll have a team of security experts that would have already discovered and eliminated the threat. When you outsource the management of your EDR, a team of experienced security analysts will be able to perform a root cause analysis for any blocked threat or any other artifact deemed important that is found on an endpoint. The team will proactively search endpoints for signs of threats (commonly referred to as threat hunting) and take decisive action when a security incident, or potential incident, is identified.

Here are 7 reasons to consider Managed EDR Security services:

  1. Discover what traditional Antivirus has missed

Many organizations are not comfortable removing their antivirus product completely. Very often, clients will utilize managed EDR security services to determine just how much their current AV has missed. Managed EDR Security solutions can typically augment or replace traditional antivirus security solutions. You’ll have the ability to detect and prevent hidden exploit processes that are more complex than a simple signature or pattern and evade traditional antivirus. Gartner coined the term EDR back in 2013.

  2. Improved Threat Intelligence with AI

It’s possible to use the power of artificial intelligence (AI) to block malware infections with additional security controls that safeguard against script-based, fileless, memory, and external device-based attacks. Unlike traditional endpoint security products that rely on signatures and behavior analysis to detect threats in the environment, our managed EDR solution uses AI, not signatures, to identify and block known and unknown malware from running on endpoints. Also, it delivers prevention against common and unknown (zero-day) threats without a cloud connection and continuously protects the endpoint without disrupting the end-user.

  3. Increased visibility throughout endpoints

With Managed EDR security, you can detect malicious activities and simplify security incident response on endpoints, including applications, processes, and communications. It’s possible to stop attacks before they cause harm, rather than allowing attacks to happen and then cleaning up the mess. By reducing the number of endpoint security products deployed on the endpoint, customers gain operational efficiencies by not having to manage signatures, policies, or deployments of additional protection.

  4. Alerts and defensive responses when an actual threat is detected

When you work with Cybriant, our analysts can immediately investigate any endpoint in your environment to determine if the activity is in fact malicious. Real attack data is an invaluable source of intelligence for your security team. Without deploying sandbox technology, our analysts can get a glimpse into the mind of the attacker and how they try to compromise your endpoint.

  5. Forensic capabilities

Once an attacker is inside, you need the ability to take a deep dive into their activities, so you can understand their movements and minimize the impact of the breach. When sensitive data has been compromised, the livelihood of a business is at stake. The longer it takes to discover and remediate the cause of a breach, the greater the chance of damage to the company’s reputation and business operations. To limit the amount of exposure and prevent further breaches, organizations need a forensic team dedicated to piecing together any evidence and understanding the scope of the breach.

  6. Data collection to build a repository for analytics

With managed EDR security, you have a team of endpoint security experts not only utilizing next-generation tools on your behalf, but also feeding information back to your organization on how to respond to alerts. Our security team brings together endpoint analysts, incident responders, forensics experts, and security engineers. They understand what normal endpoint activity should look like, when a more thorough investigation is required, when to raise the alarm, and how to respond.

  7. Consolidated Endpoint Security efforts

Endpoint security has evolved over the decades into several reactive technologies to attempt to stay ahead of the constantly changing threat landscape and provide protection, but today a new kind of endpoint security technology can help reduce the number of overall technologies deployed on the endpoint. The use of artificial intelligence to protect the endpoint is enabling organizations to reduce their deployed technologies because the effectiveness rate is so superior to traditional signature-based security. How many different technologies are deployed on your users’ endpoints? How many full-time employees does it take to manage those technologies? By reducing the number of layers of security on your endpoints, you’ll find that you see an improved level of security. Deploying more technology or software on the endpoint will have an impact on system performance. Traditional endpoint security solutions utilize massive amounts of CPU (50-70%) and memory (100s of MB). As a result, end-user productivity is heavily impacted. On average, if an employee loses 10 minutes a day due to slow PC performance caused by traditional endpoint security, over a course of a year the loss in productivity equals about $1,000 per employee. By using a low footprint solution and outsourcing the management of that EDR security solution, you are improving the security as well as the user experience. Consider Managed EDR from Cybriant today. 

Learn more about Managed EDR Security

How to Use AI for Your Enterprise Endpoint Security Solutions


With AI-based endpoint security solutions, it’s possible to prevent 99% of malware before it executes. 


Let’s face it…threats against your business are on the rise and your board has zero tolerance for security issues.

You need to optimize your security strategy with artificial intelligence. This article will explain how AI can help enhance your endpoint security solutions.

Artificial Intelligence (AI): Enterprise Security Solutions

Machine learning is a sub-discipline of artificial intelligence which focuses on teaching machines to learn by applying algorithms to data. The terms AI and ML are often interchanged. (Source)

Machine learning is already raising the bar for attackers. It’s much more difficult to penetrate systems today than it was a few years ago. In response, attackers are likely to adopt ML techniques in order to find new ways to get through to your systems. In turn, security teams will need to utilize ML defensively to protect network and information assets as well as to enhance enterprise security solutions.

Artificial Intelligence (AI) leverages the power of machines to dissect malware’s DNA. AI then determines if the code is safe to run.

Using AI

Legacy antivirus technology based on signatures is outdated. Today’s enterprise security solutions do not require any previous knowledge about a malicious binary file in order to identify its intention.

Only an artificial intelligence approach can predict, identify and prevent both known and unknown cyber-threats from executing or causing harm to endpoints. On average and in hundreds of tests, by using enterprise security solutions with AI, you can stop 99% of threats.

By using AI-based technology, you can proactively prevent the execution of advanced persistent threats and malware, enabling a level of security that far exceeds the effectiveness of solutions deployed throughout enterprises, government, and institutions worldwide.

Unlike reactionary signature, heuristics, behavior monitoring, and sandboxing, which require an Internet connection and constant updates, enterprise security solutions built on artificial intelligence can analyze a file’s characteristics and predict whether it is safe or a threat prior to the file executing on the local host.

AI in Action

Simplifying your endpoint security solutions while maintaining a secure environment can make your security team’s work easier, and their efforts far more efficient. By incorporating an AI-based technology to your endpoint security protection, you can consolidate and distill the security tools your team uses down to a manageable set, in turn reducing redundancies, eliminating high infrastructure expenses, and improving your team’s ability to more proactively secure your endpoints.

Here are several examples of AI-based enterprise security solutions in action:

Malicious Executables

The best way to protect your endpoints from attackers is to identify and stop the attack before it ever starts. By using enterprise endpoint security solutions, you can use field-proven AI to inspect any application attempting to execute on an endpoint before it executes. Within milliseconds, the machine learning model running on the endpoint determines if the executable is malicious or safe. If malicious, the executable is blocked from running, thwarting the attacker’s attempt to compromise the endpoint.

Unauthorized Scripts

Scripts are quickly becoming the tool of choice for many attackers for several reasons. First, for novice attackers, malicious scripts are readily available in the cybercrime underworld, which makes it easy to find one that meets the attacker’s needs. Additionally, scripts are often difficult for some security products to detect, as there are many non-threat uses for scripts. With AI-based endpoint security solutions, you get built-in script protection, meaning you maintain full control of when and where scripts are run in your environment, reducing the chances that an attacker can use this attack vector to cause harm to your business.

Fileless Malware

Memory-based attacks are on the rise as attackers realize the ease with which memory can be exploited to achieve their goals. Many security products have no ability to prevent these types of attacks, but with AI-based endpoint security solutions, memory protection is included. When an attacker attempts to escalate privileges, undertake process injection, or make use of an endpoint’s memory inappropriately by other means, your solution will identify and prevent it immediately.

Malicious Email Attachments

Phishing attacks are still one of the most effective ways attackers gain access to an endpoint and your business. Employees unwittingly open malicious attachments, thinking they are legitimate and enable attackers to undertake any number of malevolent actions. With AI-based endpoint security solutions, weaponized attachments are identified and blocked automatically. If a document, for example, includes a VBA macro deemed to be risky, it will be blocked from executing. This protection adds an additional layer of security, protecting employees from becoming the victim of an attacker and introducing a compromise to your environment.

Device Usage Enforcement

USB devices are littered across your business. Most of these devices are useful tools, enabling employees to share files with others quickly and efficiently. However, these devices can cause significant damage to your environment if they are loaded with malware or are used to transfer sensitive data outside of your business. To combat this attack vector, AI-based endpoint security solutions have built-in device usage policy enforcement. This capability allows you to control which devices can be used in your environment. This ultimate control means that you can limit the chance that a USB device enables an attacker to successfully execute an attack or exfiltrate data.

Endpoint Security Solutions: Rule-Based

There are several ways to identify potential threats and compromises. First, security analysts can perform searches across endpoints to identify suspicious artifacts, and through manual investigation, determine that a threat exists. While there is tremendous value in this process, it simply does not scale across an enterprise. To root out threats hidden on endpoints, you must use an automated approach to threat detection.

A rule-based engine running on the endpoint and delivered with a set of curated rules will continuously monitor the endpoint, looking for suspicious behavior. When such behavior is detected, the solution can take customized response actions in real time with no intervention from the security team.
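The following Python program is an added example, not Cybriant’s code and not any vendor’s engine, of the curated-rule approach described above. It runs a handful of rules over constructed endpoint telemetry and returns a response action per detection, covering the use cases from the preceding sections: an Office document spawning a script host (malicious attachment), a script host started with an encoded command line (unauthorized script), a USB device outside the allow-list (device usage policy), and an unsigned process writing into another process’s memory (memory exploitation). The JSON event schema, the allow-list and every host, id and value in the sample are assumptions.

```python
"""Rule-based endpoint detection engine over constructed telemetry.

Added example. Assumptions (not from the page): events arrive as newline-delimited
JSON with the fields used below; the USB allow-list and all sample values are constructed.
"""
import json
from dataclasses import dataclass

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Constructed device allow-list, keyed by USB vendor:product id (hypothetical values).
ALLOWED_USB = {"0951:1666", "0781:5583"}


@dataclass(frozen=True)
class Detection:
    rule: str    # which curated rule fired
    host: str    # endpoint the event came from
    action: str  # automated response the rule prescribes
    detail: str  # human-readable evidence for the analyst


def parse_events(raw: str) -> list:
    """One JSON event per line; blank or malformed lines are skipped, not fatal."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def rule_office_spawns_script_host(ev):
    """Malicious attachment: an Office application launching a script interpreter."""
    if ev.get("type") != "process_start":
        return None
    parent, image = ev.get("parent", "").lower(), ev.get("image", "").lower()
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        return Detection("office-spawns-script-host", ev["host"],
                         "kill-process-and-quarantine-document", f"{parent} -> {image}")
    return None


def rule_encoded_script(ev):
    """Unauthorized script: a script host started with an encoded command line."""
    if ev.get("type") != "process_start" or ev.get("image", "").lower() not in SCRIPT_HOSTS:
        return None
    tokens = ev.get("cmdline", "").lower().split()
    if "-enc" in tokens or "-encodedcommand" in tokens:
        return Detection("encoded-script-command", ev["host"], "block-script-and-alert",
                         ev.get("cmdline", ""))
    return None


def rule_unapproved_usb(ev):
    """Device usage policy: a USB device that is not on the allow-list."""
    if ev.get("type") != "usb_insert":
        return None
    if ev.get("device_id", "").lower() not in ALLOWED_USB:
        return Detection("unapproved-usb-device", ev["host"], "block-device",
                         ev.get("device_id", ""))
    return None


def rule_unsigned_cross_process_write(ev):
    """Memory exploitation: an unsigned process writing into another process's memory."""
    if ev.get("type") != "process_access" or ev.get("access") != "write":
        return None
    if not ev.get("source_signed", True):  # missing field is treated as signed (no alert)
        return Detection("unsigned-cross-process-write", ev["host"], "isolate-host",
                         f"{ev.get('source')} -> {ev.get('target')}")
    return None


RULES = [rule_office_spawns_script_host, rule_encoded_script,
         rule_unapproved_usb, rule_unsigned_cross_process_write]


def evaluate(events) -> list:
    """Run every curated rule over every event; one event may trigger several rules."""
    detections = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit is not None:
                detections.append(hit)
    return detections


def actions_for_host(detections, host: str) -> set:
    """The set of automated responses queued for one endpoint."""
    return {d.action for d in detections if d.host == host}


# Constructed sample telemetry (hypothetical hosts, device ids and command lines).
SAMPLE_TELEMETRY = """
{"type":"process_start","host":"WS-0142","parent":"WINWORD.EXE","image":"powershell.exe","cmdline":"powershell.exe -w hidden -enc QQBBAEEA"}
{"type":"process_start","host":"WS-0142","parent":"explorer.exe","image":"winword.exe","cmdline":"winword.exe report.docx"}
{"type":"usb_insert","host":"WS-0077","device_id":"1234:abcd","label":"NO NAME"}
{"type":"usb_insert","host":"WS-0077","device_id":"0951:1666","label":"Kingston"}
{"type":"process_access","host":"WS-0201","source":"update_helper.exe","source_signed":false,"target":"svchost.exe","access":"write"}
this line is not JSON and is skipped
"""

if __name__ == "__main__":
    for d in evaluate(parse_events(SAMPLE_TELEMETRY)):
        print(f"{d.host}: {d.rule} -> {d.action} ({d.detail})")
```

Each rule inspects a single event and maps it to a response, which is what lets the engine act in real time without an analyst; the first sample event trips two rules at once, so the response set for that host combines both actions.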


No business, no matter what security controls are in place, can guarantee that an attack will never be successful. This means you must be prepared to respond if an attack is detected. By working with AI-based endpoint security solutions imagine this: when an attack is identified, with just a few clicks, you can quarantine files, disabling their ability to be used anywhere in your environment.

If you determine an endpoint is harmful, you can also take an aggressive containment move and lock down the endpoint, disabling its ability to communicate with any other endpoints. Identifying a security concern is important, but having the ability to respond is also critical, and when you work with Cybriant for endpoint detection and response, you now have that option.

You can also configure the solution to automatically respond to detected threats, significantly reducing dwell time and your attack surface. True endpoint security does not derive from prevention or detection alone. To face the constant and variable attacks presented by the modern threat landscape, organizations must have both capabilities in place and deeply integrated to keep pace with attackers.

Consider Cybriant’s managed endpoint detection and response to simplify your security stack, make your analysts more efficient, and make your business more secure.

Managed Endpoint Detection and Response