Cybersecurity

AI Security Operations Center

The AI Security Operations Center (AI SOC) is an advanced cybersecurity solution designed to leverage Case-Based Reasoning (CBR) artificial intelligence for real-time threat detection and response. By integrating with existing security tools and utilizing advanced AI algorithms, the AI SOC provides continuous monitoring, analysis, and proactive mitigation of cybersecurity threats, ensuring the resilience and safety of enterprise systems.

Key Features and Capabilities

Benefits

Implementation Roadmap

The AI SOC offers a transformative approach to enterprise cybersecurity, combining cutting-edge AI with established frameworks and tools to deliver an adaptive, scalable, and efficient security solution.

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

In a significant development in the realm of web security, over 110,000 websites, including high-profile sites like hulu.com, intuit.com and texas.gov have been affected by a supply chain attack on the popular JavaScript library, Polyfill.io.

Google’s Response

Google has taken immediate action by blocking ads for e-commerce sites using Polyfill.io. In a statement shared with The Hacker News, Google emphasized, “Protecting our users is our top priority. We detected a security issue recently that may affect websites using certain third-party libraries. To help potentially impacted advertisers secure their websites, we have been proactively sharing information on how to quickly mitigate the issue.”

The Impact

According to a report by cybersecurity firm Sansec, more than 110,000 websites embedding the Polyfill library are impacted by this attack. Polyfill.io, a widely-used library, provides support for modern web functions across different browsers. Concerns were raised when the domain was purchased by Funnull earlier this February. Andrew Betts, the original creator of the Polyfill project, urged website owners to remove the library, stating, “No website today requires any of the polyfills in the polyfill[.]io library. Most features added to the web platform are quickly adopted by all major browsers.”

Alternative Solutions

Web infrastructure providers like Cloudflare and Fastly have offered alternative endpoints to assist users in migrating away from Polyfill.io. Cloudflare researchers Sven Sauleau and Michael Tremante noted the risks, stating, “Any website embedding a link to the original polyfill[.]io domain will now be relying on Funnull to maintain and secure the project to avoid the risk of a supply chain attack.”

Malicious Activities Detected

Sansec reported that the domain “cdn.polyfill[.]io” was found injecting malware to redirect users to sports betting and pornographic sites. The malware activates under specific conditions, such as targeting mobile devices at certain hours and avoiding detection by web analytics services.

Community Response

San Francisco-based c/side also issued an alert, noting the addition of a Cloudflare Security Protection header by the domain maintainers between March 7 and 8, 2024. The findings come on the heels of an advisory about a critical security flaw in Adobe Commerce and Magento websites (CVE-2024-34102, CVSS score: 9.8), which remains largely unpatched.

Ongoing Concerns

Cloudflare has issued fresh warnings, urging website owners to remove Polyfill.io due to ongoing concerns about potential malicious code injections. Cloudflare’s Matthew Prince, John Graham-Cumming, and Michael Tremante stated, “We have never recommended the Polyfill[.]io service or authorized their use of Cloudflare’s name on their website.”

Defensive Measures

In light of the attack, businesses are advised to invest in advanced and automated solutions capable of monitoring and managing script behavior and integrity in real-time. Pedro Fortuna, CTO and co-founder of Jscrambler, highlighted, “While asking businesses to shift away from JavaScript and third-party add-ons is not an option, companies can begin investing in solutions to monitor and manage script behavior and integrity.”

Conclusion

The Polyfill.io supply chain attack highlights the critical vulnerabilities in commonly used web libraries, emphasizing the need for rigorous security practices. As these attacks become more sophisticated, it is imperative for organizations to prioritize robust security measures and stay vigilant about potential risks within their software supply chain. For a complimentary vulnerability scan of your development infrastructure, contact our AI Cybersecurity practice at security@axistechnical.com. We will also be reaching out to customers affected by this attack.

Securing Healthcare in the Age of AI: Strategies and Solutions

As AI continues to reshape the healthcare landscape, securing patient data has never been more critical. By adopting robust encryption, access controls, continuous monitoring, and regular training, healthcare organizations can protect sensitive information and ensure patient trust. Additionally, leveraging AI for security can provide a proactive defense against evolving cyber threats. In an AI-driven world, a comprehensive approach to data security is essential for the future of healthcare.

How to Protect from Ransomware Attacks: 7 Top Tactics

They say an ounce of prevention is worth a pound of cure, and when it comes to how to protect from ransomware attacks to keep your business secure, it couldn’t be truer. If you’re looking for the best way to defend against ransomware, malware that encrypts important files until the victim pays the ransom, this guide will go over the most common methods. And remember, one measure is good, but a layered approach is best.

Best preventative practices for ransomware attack protection

Multi-factor authentication

Security is cumulative. When you employ multi-factor authentication, you bring an extra step of security to the login process. Your users will need a second device, such as a phone or an authentication key, to confirm their login credentials.

Traditional multi-factor authentication (MFA) can take some time to deploy and be costly without an outsourced service. Using a cloud-based MFA service means a faster setup at a more affordable price.

TierPoint offers multi-factor authentication services to fit different levels of security needs. Our CleanIP Managed Multi-Factor Authentication service, powered by DUO, helps protect every user with an easy and reliable cloud-based experience. Users and admins can receive push-based notification approvals, with support available for smartwatches, smartphones, and U2F tokens.

For organizations with more stringent security concerns, TierPoint’s CleanIP MMFA Advanced service offers a souped-up version of our standard solution, providing information on security hygiene of all devices, phishing vulnerability, possible software updates, location, and network data, and more. MFA can be of service, whether your main priority is security, ease-of-use, or assessing vulnerabilities.

WAF

A web application firewall, also known as a WAF, serves as an additional source of protection from inevitable human error in software development. No program is airtight or perfect, and not all vulnerabilities get caught immediately, especially with a newer application. A WAF works by protecting your data until the vulnerability can be fixed. If you ever arrived on a site and it took a moment to confirm that you were a human using the page, you have likely interacted with a WAF that was assessing you.

If your business deals in any personally identifiable information (PII), and/or additional regulatory or industry compliance standards, you should be using a web application firewall. Even if regulation doesn’t demand it, the cost of accidentally compromising data can be so steep that it is often worth it to use a WAF proactively.

One thing to keep in mind with web application firewalls is that sometimes they can work too well. To manage one correctly, you need to be able to discern the difference between legitimate blocks and false positives.

Access control

Even if you have a fairly flat and transparent organization, chances are, there are some resources you’d like to limit to specific audiences. Access control involves who can and can’t view certain resources available in your computing environment. Whenever you limit access to only the users who truly need a certain functionality, you are mitigating risk for your business.

Access control can involve physical limits, such as providing access to specific rooms or physical assets, as well as logical limits, which involve who can access certain important files or networks. Authentication for access control can be done in a few ways, including:

Endpoint protection

Hand-in-hand with many of the preventative measures listed here, endpoint protection is a larger term that includes protection solutions for endpoints, or devices connected to an organization’s network, that ensure a certain level of security is met. This could include:

Threat intelligence and XDR

The goal of extended detection and response, or XDR, is to collect and analyze data to determine potential threats in advance. XDR will paint a broad picture of security threats by pulling data from components such as cloud workloads, edge routers, databases, network traffic, and system events.

Instead of pooling resources from several different threat detection tools, XDR consolidates and streamlines these efforts, and may also be able to integrate with cybersecurity products and services already being used by the business. More importantly, XDR can help better identify what is and isn’t a potential threat, saving you time from chasing down and investigating every false alarm that might get reported by a more sensitive and less precise tool.

Next-gen firewalls

As the name implies, next-generation firewalls go beyond traditional firewalls by bringing more than just basic packet and URL filtering to the table:

This can provide a strong line of defense for any size business, serving as a comprehensive solution for smaller businesses that can’t afford enterprise services, or as a part of a bigger plan for larger organizations.

While some IT professionals shy away from next-gen firewalls out of fear that they will be too difficult to deploy or are too much for their needs, today’s solutions are easier to deploy and configure than they were even a few years ago. Many can also scale up, adding new features after initial deployment at your own pace. By doing this, IT professionals can use the information coming in to decide which features to employ next.

Security awareness training and programs

One of your best resources to prevent ransomware attacks comes from your users. The better you understand their cybersecurity strengths and weaknesses, the more you can tailor training to improve their knowledge and protect them from attacks and an infected system.

Onboarding of new team members should include a training program that covers how to identify ransomware and protect against it. But it’s not enough to perform training; you also need to test that training. Send out spoof emails that look like ransomware requests. Any users that click on suspicious links from these spoof emails should get automatically enrolled in additional training.

It’s important with awareness and training programs to be consistent. This isn’t a “one-and-done” program. Continue to train users as new security threats emerge, and work on improving your user vulnerability scores.

Secure Your Business Future: Stand Strong Against Ransomware

In the face of rising ransomware threats, it’s essential to arm your business with the best defense. TierPoint offers
