Vector-Best is the largest Russian manufacturer of reagent kits for laboratory diagnostics. Today, the company employs more than 900 people. The company produces more than 600 products for enzyme immunoassay, real-time PCR and clinical biochemistry. The company has more than 20 research laboratories, which allow it to constantly improve the manufactured diagnostic kits and implement new ideas in the field of laboratory diagnostics.

Prerequisites
The history of Vector-Best begins in the late 1980s. During the existence of the company, file storages have grown significantly. Historically, information has not been deleted; files and documents have been accumulated over the years and put into archives. In addition to important documents containing financial and production information, as well as research data, file garbage also accumulated. As a result, the company realized that sooner or later this could lead to a lack of control over data and access to information resources, as well as to a decrease in system performance.

“There was a conscious need to put things in order in the data,” says Vyacheslav Buldygerov, senior information security engineer at Vector-Best. “It so happened that the entire range of tasks, including the categorization of data in understanding what should be where, who works with the information, lies with the IT department in the person of a couple of people. Of course, it is impossible to keep such information in your head and certain tools are required. At first, we solved the problem using a semi-automatic method - we independently developed scripts and used them to restore order. But having put things in order once, it is impossible to guarantee its observance. The infrastructure of the company is “live”: time has passed, and everything starts to spread again. As a result, you need to either make emergency efforts again, or establish it on an ongoing basis. And on an ongoing basis, this means there is a normal interface that warns about everything and a person systematically works with it. And from this point of view, Makves DCAP is a good tool for organizing all file storages.”

Solution
To ensure transparent control over file storages, Vector-Best launched a Makves DCAP pilot project.
“When half of the tidying up job was set to semi-automated, I met Makves at a conference. We talked at the stand and I was amazed at the coincidence - after all, it was to solve such a problem that I wrote the script myself! It became clear that the system was invented, being in a similar situation. It was interesting to talk about how you implemented it, why it is so, and not otherwise. We began to communicate regularly, and I came to the understanding that I myself would not finish the scripts to something so beautiful and convenient. As a result, it was decided to make a pilot,” says Vyacheslav.

As part of the pilot project, an analysis of network storages was carried out to identify the owners of large files and file duplicates. A full range of users with access to company resources was identified to assess information security risks. As a result, it was possible to identify copies of important documents in the public domain, documents with 5-fold duplication located in different places of the file storage, identical archives and a large amount of non-business files. Their direct owners were also identified. The IT department noted that the scripting method used earlier did not reveal duplicate information and only helped to see the size of the folders.

“Special thanks to the pre-configured filters “Non-Business Files”. You go to the tab and you see that it turns out that we have a fair store of music from an employee. Moreover, he put it down a very long time ago, and obviously he doesn’t even listen anymore. Well, it just lies for 8 years, no one pays attention, because this is the tenth nesting folder. Without DCAP, we would not have found this, because it would not have occurred to us to look, since everyone is used to the volume occupied,” comments Vyacheslav.

Having also considered one of the foreign solutions of the DCAP/DAG class, the company made a choice in favor of the Makves product.

“Earlier, we already used the Netwrix solution for auditing Active Directory and planned to purchase a module for file audit,” comments Vyacheslav. “Makves DCAP seemed more interesting in many respects.

First, by what templates and reports are in the system. In Netwrix, everything is implemented by bare queries to databases, from which you can extract anything you want, but for this you need to be able to write these queries. And in order to bring beautiful and understandable reports from this data, separate work is required.

Secondly, it is always interesting when there is where to apply your skills and experience. And Makves DCAP has much more options for automation settings, active reactions and customization. After reviewing all the possibilities of the system, it became clear that a lot of things can be implemented and it is interesting to work with the system. The alternative foreign solution does not have such response and automation capabilities.”


Creating custom dashboards in Makves DCAP

Results
Through the implementation of Makves DCAP, the company gained a clear understanding of the file structure, information storage locations and access to corporate resources.

30% file storage optimization
By identifying multiple duplicates and non-business files

Reducing Information Security Risks
The use of the system made it possible to reduce the risks associated with the storage and access to corporate resources by identifying inactive system users, mailboxes with multiple access, and duplicates of confidential information in the public domain.
The company received a tool for developing and complying with internal regulations and information security policies.

How a virus on MacOS changed the world's cybersecurity
12:04 / December 19, 2022
Not so long ago, it was believed that the Mac computer was invulnerable to viruses. Apple stated that "it does not get infected with computer viruses". But that was before the Mac OS X Flashback Trojan appeared in 2012.

With the advent of Flashback Trojan, Mac and iPhone security issues have changed a lot, as has the security of the whole world. In this article, we'll explore how the Flashback incident unfolded and how it changed the security landscape forever.

What is Mac Flashback Trojan?
Flashback (also called Flashfake) is a type of malware for Mac OS X that was first discovered in September 2011. By March 2012, the Trojan had infected about 700,000 computers worldwide. Once infected, the compromised computers were included in the botnet, which made it possible to install additional malicious code. One of the goals of the malware was to create fake search results.


Attackers also used Flashback to profit from Google ads. The ad click component of the Trojan was loaded into Chrome, Firefox, and Safari, where it could intercept browser requests and redirect certain search queries to a page of the attacker's choice. From there, the perpetrators generated click-through revenue totaling about $10,000 a day.

Infection via WordPress
At the time, Kaspersky Lab suggested that the Flashback malware was created by Russian developers.

The malware was delivered through a redirect script injected into a huge number of legitimate sites around the world. By early March 2012, the program had infected tens of thousands of WordPress sites. This could be due to site owners using vulnerable versions of WordPress or installing the ToolsPack plugin. About 85% of the compromised sites were located in the United States.

When visiting an infected site, users are prompted to download or install Flash Player. The malware installs a dynamic installer and auto-run code on the computer that makes changes to all applications that run on the system. In addition, the virus also establishes a connection with a remote server and sends it information about the MAC address of the infected device.

New Reality for iOS and macOS
The news of Flashback shocked the entire cybersecurity and IT industry. Trust in Mac OS, which was considered a refuge from viruses, instantly disappeared. And this was not an isolated case. In April 2012, a new Trojan for Mac OS X was discovered.

In addition, vulnerabilities continue to evolve today. In August 2022, Apple published security updates for iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The patched vulnerabilities give a hacker full administrative access to the device. This allows a cybercriminal to impersonate the owner of the device and subsequently run any software on his behalf.

Moreover, the new 2022 Global Threat Report from Elastic Security Labs showed that 48% of all macOS malware comes from a single application. The MacKeeper application, designed to protect and improve device performance, delivers 48% of malware that targets macOS to Apple computers, the researchers said.

Increase in malware
However, a Mac or iPhone is still safe compared to other devices: their built-in protection is still better than others. According to Atlas VPN, macOS malware development grew by over 1,000% in 2020, with a total of 674,273 malware samples created. Windows has much worse statistics - more than 91 million samples.


The Flashback incident led to a rapid increase in the number of attacks. For example, from 2012 to 2013, the growth rate of malware infections more than doubled, from 82.62 million to 165.81 million incidents. In addition, financial losses caused by cybercriminals increased by more than $200 million.

Many factors are driving this growth. Among others, this includes:

growth of remote work (there are more surfaces for attacks);
special operation in Ukraine;
cheap cyberattack-for-hire services.

The IBM Cost of a Data Breach 2022 report found that 83% of organizations have experienced a data breach at some point. These new realities make security not only a top business concern, but also a key element of the overall business strategy.

New threats require new tools
No system is completely secure, but every system must have security features – regular threat monitoring, Zero Trust, and AI-based protection will help to secure systems against cyber threats.

The number of applications and devices is actively growing, as well as remote work. Companies are moving their networks to the cloud. We now operate without a network perimeter, and security solutions must evolve to protect our systems anywhere.

Adaptation to modern conditions
Despite the growing danger in cyberspace, cybersecurity specialists successfully cope with threats. For example, an IBM report showed that:

Companies saved an average of $3.05 million per hack thanks to deployed artificial intelligence and security automation;
An average savings of $2.66 million was achieved through Incident Response (IR) teams and a regularly tested IR plan;
Advanced Detection and Response (XDR) technologies reduced response time by 29 days.