Cisco Recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

Cisco was named a Visionary in the 2024 Gartner MQ for Endpoint Protection Platforms. Learn how we deliver on a vision for bringing together security tools.

How to Protect Yourself from Vishing

“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.

The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:

• Data Breaches: Scammers often obtain phone numbers from data breaches where personal information is exposed and sold on the dark web.
• Public Records: Phone numbers can be found in public records, such as court documents, voter registration lists, and property records, which are often accessible online.
• Social Media: Many people share their contact information on social media profiles or posts, making it easy for scammers to collect phone numbers.
• Online Surveys and Contests: Scammers create fake online surveys or contests that require participants to enter their phone numbers, which are then harvested for vishing.
• Dumpster Diving: Physical documents thrown away without shredding, such as old phone bills or bank statements, can provide scammers with phone numbers. Once a visher has the list, he can program the numbers into his system for a more targeted attack.
• Wardialing: A visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions. When someone answers the phone a generic or targeted recording begins, requesting that the listener enter a bank account, credit, or debit card number and PIN.

Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:

• VoIP: Voice over Internet Protocol (VoIP) facilitates vishing by enabling vishers to easily spoof caller IDs, use automated dialing systems, and leverage AI-powered voice manipulation, all while operating from virtually anywhere with an internet connection. This combination of technologies makes it easier for scammers to appear legitimate and efficiently target numerous victims.
• Caller ID Spoofing: Caller ID spoofing works by manipulating the caller ID information that appears on the recipient’s phone, making it seem as though the call is coming from a trusted or local source. Scammers use specialized software or VoIP services to alter the displayed number, which can mimic the number of a reputable institution, such as a bank or government agency.
• Social Engineering: In live calls, vishers use social engineering techniques to build trust and manipulate the target into divulging personal information. They might pose as customer service representatives, tech support agents, or officials from financial institutions to convince you to hand over personal information.
• Voice Manipulation Technology: Advanced AI-powered voice manipulation tools can mimic the voices of known individuals or create convincing synthetic voices, adding credibility to the call.
• Urgency and Threats: Vishers often create a sense of urgency or fear, claiming immediate action is required to prevent serious consequences, such as account closure, legal action, or financial loss.

To protect yourself from vishing scams, you should:

• Educate Yourself: Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents. As this crime becomes more sophisticated, you’ll want to stay up to date.
• Use Call Blocking Tools: Utilize call blocking and caller ID spoofing detection tools offered by your phone service provider or third-party apps to filter out potential scam calls.
• Be Skeptical of Caller ID: With phone spoofing, caller ID is no longer trustworthy. Since caller ID can be tampered with, don’t let it offer a false sense of security.
• Do Not Share Personal Information: Never provide personal information, such as Social Security numbers, credit card details, or passwords, to unsolicited callers.
• End the Call: If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
• Report Suspicious Activity: Call your bank and report any fraud attempts immediately, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller. Also report any suspicious calls to relevant authorities, such as the Federal Trade Commission (FTC), to help prevent others from falling victim to the same scams.

Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.

The post How to Protect Yourself from Vishing appeared first on McAfee Blog.

How To Prevent Your Emails From Being Hacked

My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive and document sharing.

But here’s the thing – hackers know just how much both individuals and businesses have embraced Google products. So, it makes complete sense that they use reputable companies such as Google to devise phishing emails that are designed to extract our personal information. In fact, the Google Docs phishing scam was widely regarded as one of the most successful personal data extraction scams to date. They know that billions of people worldwide use Google so an invitation to click a link and view a document does not seem like an unreasonable email to receive. But it caused so much grief for so many people.

It’s All About Phishing

Emails designed to trick you into sharing your personal information are a scammer’s bread and butter. This is essentially what phishing is. It is by far the most successful tool they use to get their hands on your personal data and access your email.

‘But why do they want my email logins?’ – I hear you ask. Well, email accounts are what every scammer dreams of – they are a treasure trove of personally identifiable material that they can either steal or exploit. They could also use your email to launch a wide range of malicious activities from spamming and spoofing to spear phishing. Complicated terms, I know but in essence these are different types of phishing strategies. So, you can see why they are keen!!

But successful phishing emails usually share a few criteria which is important to know. Firstly, the email looks like it has been sent from a legitimate company e.g. Microsoft, Amex, or Google. Secondly, the email has a strong ‘call to action’ e.g. ‘your password has been changed, if this is not the case, please click here’. And thirdly, the email does not seem too out of place or random from the potential victim’s perspective.

What To Do To Prevent Your Email Being Hacked?

Despite the fact that scammers are savvy tricksters, there are steps you can take to maximise the chances your email remains locked away from their prying eyes. Here’s what I suggest:

1. Don’t Fall Victim to a Phishing Scam

Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. If you have any doubts, always contact the company directly to verify.

2. Protect Yourself!

Make sure you have super-duper internet security software that includes all the bells and whistles. Not only does internet security software McAfee+ include protection for daily browsing but it also has a password manager, a VPN, and a social privacy manager that will lock down your privacy settings on your social media accounts. A complete no-brainer!

3. Say No to Public Wi-Fi and Public Computers

Avoid using public Wi-Fi to log into your email from public places. It takes very little effort for a hacker to position themselves between you and the connection point. So, it’s entirely possible for them to be in receipt of all your private information and logins which clearly you don’t want. If you really need to use it, invest in a Virtual Private Network (VPN) which will ensure everything you share via Wi-Fi will be encrypted. Your McAfee+ subscription includes a VPN.

Public computers should also be avoided even just to ‘check your email’. Not only is there a greater chance of spyware on untrusted computers but some of them sport key-logging programs which can both monitor and record the keys you strike on the keyboard – a great way of finding out your password!

4. Passwords, Passwords, Passwords

Ensuring each of your online accounts has its own unique, strong, and complex password is one of the best ways of keeping hackers out of your life. I always suggest at least 10-12 characters with a combination of upper and lower case letters, symbols, and numbers. A crazy nonsensical sentence is a great option here but better still is a password manager that will remember and generate passwords that no human could! A password manager is also part of your McAfee+ online security pack.

What To Do If Your Email Is Hacked?

Even if you have taken all the necessary steps to protect your email from hackers, there is the chance that your email logins may be leaked in a data breach. A data breach happens when a company’s data is accessed by scammers and customers’ personal information is stolen. You may remember the Optus, Medibank and Latitude hacks of 2022/23?

If you have had your personal information stolen, please be assured that there are steps you can take to remedy this. The key is to act fast. Check out my recent blog post here for everything you need to know.

So, next time you’re organising a big gathering don’t hesitate to use Google Docs to plan or Microsoft Teams to host your planning meetings. While the thought of being hacked might make you want to withdraw, please don’t. Instead, cultivate a questioning mindset in both yourself and your kids, and always have a healthy amount of suspicion when going about your online life. You’ve got this!!

Till next time,
Stay safe!
Alex

The post How To Prevent Your Emails From Being Hacked appeared first on McAfee Blog.

Trend Micro’s Top Ten MITRE Evaluation Considerations

The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market.

The insight garnered from these evaluations is incredibly useful.  But let’s admit, for everyone except those steeped in the analysis, it can be hard to understand. The information is valuable, but dense. There are multiple ways to look at the data and even more ways to interpret and present the results (as no doubt you’ve already come to realize after reading all the vendor blogs and industry articles!) We have been looking at the data for the past week since it published, and still have more to examine over the coming days and weeks.

The more we assess the information, the clearer the story becomes, so we wanted to share with you Trend Micro’s 10 key takeaways for our results:

1. Looking at the results of the first run of the evaluation is important:

Trend Micro ranked first in initial overall detection. We are the leader in detections based on initial product configurations. This evaluation enabled vendors to make product adjustments after a first run of the test to boost detection rates on a re-test. The MITRE results show the final results after all product changes. If you assess what the product could detect as originally provided, we had the best detection coverage among the pool of 21 vendors. This is important to consider because product adjustments can vary in significance and may or may not be immediately available in vendors’ current product. We also believe it is easier to do better, once you know what the attacker was doing – in the real world, customers don’t get a second try against an attack. Having said that, we too took advantage of the retest opportunity since it allows us to identify product improvements, but our overall detections were so high, that even removing those associated with a configuration change, we still ranked first overall.

	And so no one thinks we are just spinning… without making any kind of exclusions to the data at all, and just taking the MITRE results in their entirety, Trend Micro had the second highest detection rate, with 91+% detection coverage.

2. There is a hierarchy in the type of main detections – Techniques is most significant

There is a natural hierarchy in the value of the different types of main detections. A general detection indicates that something was deemed suspicious but it was not assigned to a specific tactic or technique. A detection on tactic means the detection can be attributed to a tactical goal (e.g. credential access). Finally, a detection on technique means the detection can be attributed to a specific adversarial action (e.g. credential dumping). We have strong detection on techniques, which is a better detection measure. With the individual MITRE technique identified, the associated tactic can be determined, as typically, there are only a handful of tactics that would apply to a specific technique. When comparing results, you can see that vendors had lower tactic detections on the whole, demonstrating a general acknowledgement of where the priority should lie. Likewise, the fact that we had lower general detections compared to technique detections is a positive. General detections are typically associated with a signature; as such, this proves that we have a low reliance on AV. It is also important to note that we did well in telemetry which gives security analysts access to the type and depth of visibility they need when looking into detailed attacker activity across assets.

https://attackevals.mitre.org/APT29/detection-categories.html 

3. More alerts does not equal better alerting – quite the opposite

At first glance, some may expect one should have the same number of alerts as detections. But not all detections are created equal, and not everything should have an alert (remember, these detections are for low level attack steps, not for separate attacks.) Too many alerts can lead to alert fatigue and add to the difficulty of sorting through the noise to what is most important. When you consider the alerts associated with our higher-fidelity detections (e.g. detection on technique), you can see that the results show that Trend Micro did very well at reducing the noise of all of the detections into a minimal volume of meaningful/actionable alerts.

4. Managed Service detections are not exclusive

Our MDR analysts contributed to the “delayed detection” category. This is where the detection involved human action and may not have been initiated automatically. Our results shows the strength of our MDR service as one way for detection and enrichment. If an MDR service was included in this evaluation, we believe you would want to see it provide good coverage, as it demonstrates that the team is able to detect based on the telemetry collected. What is important to note though is that the numbers for the delayed detection don’t necessarily mean it was the only way a detection was/could be made; the same detection could be identified by other means. There are overlaps between detection categories. Our detection coverage results would have remained strong without this human involvement – approximately 86% detection coverage (with MDR, it boosted it up to 91%).

5. Let’s not forget about the effectiveness and need for blocking!

	This MITRE evaluation did not test for a product’s ability to block/protect from an attack, but rather exclusively looks at how effective a product is at detecting an event that has happened, so there is no measure of prevention efficacy included. This is significant for Trend, as our philosophy is to block and prevent as much as you can so customers have less to clean up/mitigate.

6. We need to look through more than the Windows

	This evaluation looked at Windows endpoints and servers only; it did not look at Linux for example, where of course Trend has a great deal of strength in capability. We look forward to the expansion of the operating systems in scope. Mitre has already announced that the next round will include a linux system.

7. The evaluation shows where our product is going

We believe the first priority for this evaluation is the main detections (for example, detecting on techniques as discussed above). Correlation falls into the modifier detection category, which looks at what happens above and beyond an initial detection. We are happy with our main detections, and see great opportunity to boost our correlation capabilities with Trend Micro XDR, which we have been investing in heavily and is at the core of the capabilities we will be delivering in product to customers as of late June 2020. This evaluation did not assess our correlation across email security; so there is correlation value we can deliver to customers beyond what is represented here.

8. This evaluation is helping us make our product better

The insight this evaluation has provided us has been invaluable and has helped us identify areas for improvement and we have initiate product updates as a result. As well, having a product with a “detection only” mode option helps augment the SOC intel, so our participation in this evaluation has enabled us to make our product even more flexible to configure; and therefore, a more powerful tool for the SOC. While some vendors try to use it against us, our extra detections after config change show that we can adapt to the changing threat landscape quickly when needed.

9. MITRE is more than the evaluation

While the evaluation is important, it is important to recognize MITRE ATT&CK as an important knowledge base that the security industry can both align and contribute to. Having a common language and framework to better explain how adversaries behave, what they are trying to do, and how they are trying to do it, makes the entire industry more powerful. Among the many things we do with or around MITRE, Trend has and continues to contribute new techniques to the framework matrices and is leveraging it within our products using ATT&CK as a common language for alerts and detection descriptions, and for searching parameters.

10. It is hard not to get confused by the fud!

MITRE does not score, rank or provide side by side comparison of products, so unlike other tests or industry analyst reports, there is no set of “leaders” identified. As this evaluation assesses multiple factors, there are many different ways to view, interpret and present the results (as we did here in this blog). It is important that individual organizations understand the framework, the evaluation, and most importantly what their own priorities and needs are, as this is the only way to map the results to the individual use cases. Look to your vendors to help explain the results, in the context that makes sense for you. It should be our responsibility to help educate, not exploit.

The post Trend Micro’s Top Ten MITRE Evaluation Considerations appeared first on .