According to OWASP, “Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.”
An open source project forum software run by a small team was hacked using a flaw in its software. The attackers managed to wipe out the internal source code repository containing the next version, and all of the forum contents. Although source could be recovered, the lack of monitoring, logging or alerting led to a far worse breach. The forum software project is no longer active as a result of this issue.
An attacker uses scans for users using a common password. They can take over all accounts using this password. For all other users, this scan leaves only one false login behind. After some days, this may be repeated with a different password.
A major US retailer reportedly had an internal malware analysis sandbox analyzing attachments. The sandbox software had detected potentially unwanted software, but no one responded to this detection. The sandbox had been producing warnings for some time before the breach was detected due to fraudulent card transactions by an external bank.
Risk Covered
Hdiv gives a centralized monitoring web console providing real-time visibility into actual attacks. It logs actionable information about attacks and suspicious activity and sends alerts through several types of alert systems: email, syslog, Slack, etc. It is integrated with 3rd party systems, such as task management solutions (JIRA, Asana, EasyVista) and SIEM (Security Information and Event Management) systems, providing better management of detected incidents and a faster response to attacks.