The space industry is frequently targeted by threat actors due to the sensitive IP on their networks. This industry also has one of the largest supply chains, meaning a wider surface area for hackers to target. The industry has been rapidly expanding; the inception of Blue Origin and SpaceX means NASA is no longer the only target.
These companies have more than just their IP at risk. Lives and billions of dollars worth of spacecraft are also at risk. If a threat actor were ever to gain control of a spacecraft, it could be catastrophic for both the people on-board and the people on the ground.
Satellites are also a major target. If a hacker was able to gain access to one, it could potentially cause a space collision, causing damage to our communication systems.
In order to prevent these losses, it is vital to weigh cybersecurity heavily during all phases of production, especially in the design phase. Potential risks could come from hardware, software, OS, or other equipment. Each piece of the spacecraft needs to be scrutinized.
One solution is the zero trust architecture. This involves isolating devices and equipment from a system’s access standpoint, meaning even if a hacker were to gain access to systems on earth, escalating privilege would be nearly impossible.
NIST also recently released an updated framework for commercial satellite operations. This framework will likely be tweaked and updated following receipt of industry feedback.
According to the article, organizations will need to be especially aware of the potential for ransomware attacks during the Labor Day weekend. Often during the long/holiday weekend, organizations employ only a small team to monitor IT network infrastructure and security. Organizations need to be proactive and vigilant in their security analysis to be prepared and ahead of the attacks. “Citing historic precedents, the FBI and CISA released a joint cybersecurity advisory on Tuesday noting that ransomware actors often ambush organizations on holidays and weekends when offices are normally closed, making weekends. following a three-day week is a great opportunity for threatening activities.” “Modern cybercriminals use fairly deceptive tactics to maximize damage and collect the most money per attack,” said Erich Kron, security awareness advocate at security firm KnowBe4, in an email sent to Threatpost. Below are a few historically famous attacks that have occurred over the holiday weekend.
1. “Colonial Pipeline attack by the now defunct Dark Side ransomware group that crippled the East Coast pipeline for a few weeks later occurred in the run-up to Mother’s Day weekend, the agencies noted.”
2. “Memorial Day weekend, ransomware group REvil targeted the world’s largest meat distributor, JBS Foods, forcing some operations in the United States and the United States to shut down like in Australia and caused a disruption in the world food supply chain.”
3. “July 4th bank holiday weekend, this time exploiting zero-day vulnerabilities in the Kaseya Virtual System / Server Administrator platform
It’s interesting to consider holidays as an information security risk and shows that bad actors don’t take days off. It’s important for organizations to consider this as part of their overall risk management strategy. Given the severity of these recent issues, I don’t think limited coverage over holidays is an acceptable risk. That said, burnout is a real concern, especially with security professionals. A balance must be struck that provides adequate coverage and respite for information security teams.
I thought this article was relevant to Unit 3’s topics and raises some interesting points about the convergence of physical and information security. I’ve seen this in my current job as we’re often partnering with physical security on technology matters. I can’t help but think of how a consolidated physical and information security department would have helped RIT in Case Study 1. From a risk management perspective, a consolidated security department provides a holistic view into overall business risks and allows for more thoughtful conversations about how to modify them.
Summary:
The combining of our physical and cyber worlds is forcing organizations to revisit the often siloed functions of physical and information security. This concept is not new but may be worth implementing now, given increasing overlap that comes from advancing technology across functions. Converged security departments help organizations to streamline communications and provide efficiencies by merging adjacent practices, e.g. physical access controls, surveillance, etc.
The article cites the state government of Michigan as an example of successfully combining physical and information security departments. Organizations with converged security departments are more resilient and better prepared to deal with threats. Combined departments are able to share information more easily and can implement holistic security policies across the organization. This and other benefits are noted in a 2019 CISA report on combining physical and information security.
The need for convergence was made a priority during Covid-19’s shift to remote work and the increased adoption of IoT technology in facilities management. These changes have increased the risk surface area for organizations. Convergence can help security organizations adapt to these changes, regardless of sector, by providing a unified approach to organizational security.
This article describes a vulnerability in Cisco and Atlassian products.
It seems like some sort of injection attack (maybe SQL?), as the article describes the vulnerability as ‘if exploited, the Open Graph Navigation Library (OGNL) bug would allow an unauthenticated user to execute arbitrary code on a database’.
I think that this goes to show that many companies rely on other companies or providers, and how important it is to keep up to date on information security. I think many companies inherently trust that the software they are paying for is bug-free / secure, and sometimes that is not the case. Staying on top of things like this could save an organization time, money, and their reputation.
In today’s society, the speed of technological development is getting faster and faster, and the more you rely on others, the more likely it is to have safety problems. Information security can only be ensured as far as possible without being leaked by starting from oneself. Messages in the database are easily lost or stolen. This is the only way to make the information security level “seem” high by avoiding risks as much as possible. In real life, the information security level only looks “high”.
This article explains how hackers use message mirroring apps to see SMS texts in order to bypass dual factor authentication. It highlighted that SMS is known for having poor security, which makes it a target for hackers. The process includes a hacker as a threat actor convincing a mobile service provider that they themselves are the actual victim and having the number switched over to their device. Or they could utilize Modlishka to reverse proxy and intercept communication between the service and victim. Through here they can receive the one-time code or any other login credentials. The recommendation given is to limit the use of dual factor authentication through SMS and instead use app-based one-time codes such as Google Authenticator.
I found this article pretty interesting about how threat actors become more attracted by holiday weekends. The news explains that for ransomware to be successful, it needs time and fewer defenders around.
The holiday weekends are longer than usual two-day weekends, and employees are less likely to use their remote devices to connect to the network. Therefore, it becomes an opportunity for attackers to use this time to escalate privileges for maximum control over systems.
There are also some examples of incidents listed on the news. The ransomware that hit food supply company JBS and the hospital attack by ransomware that created huge chaos are the good ones to look for.
I found this case study on ISACA and it describes one company’s adoption of cloud computing. Specifically, the IS Auditor in the case study was responsible for reviewing and assessing the risks of offering a SaaS solution and adopting IaaS cloud computing. I found it interesting the IS Auditor utilized the IT risk framework, which we read as part of this unit, as well as several other risk frameworks from ITIL, CSA, and ENISA. Leveraging a number of risk frameworks is extremely helpful to an organization who wants to get a holistic view of their risk exposure, the article writes, “Leveraging Risk IT in conjunction with a widely accepted IT governance and controls framework such as COBIT makes the risk identification robust and the risk assessment process effective and efficient. This leads to a model that is extensible and reusable and that can scale up to IT risks affecting the entire company.” Once the risks were identified, the IS Auditor could identify and subsequently test the operating effectiveness of the cloud computing systems controls. The result of an engagement is a repeatable risk based audit program that the company could continue to use to identify new and monitor existing risks to the cloud computing system over time.
The website of famous street artist, Banksy, was breached and the hacker decided to hold a fake NFT auction on the website. The hacker took one of Banksy’s previous works and sold it as a fake NFT to the highest bidder for $336,000. The hacker was tracked down days later and handed over all of the money except for what was labeled as a “transaction fee” which totaled up to $6,918. A cybersecurity expert in the article states that “The fake Banksy NFT scam is one that would be difficult to detect for any cybersecurity technology, and it highlights the risk of purchasing NFTs, which do not have a centralized authentication method that is foolproof, as we saw in this scam,” and he goes on to add that these scams, however, may still be very unlikely because they’re very easy to track. It states that the most common scams come from setting up fake stores, selling fake art, and Airdrop scams that offer free crypto.
Cool article!! Interesting that the target was cyber aware enough to research the site hosting the auction and also to find the perpetrator on Twitter, yet still ended up a victim! It also seems to say something about the perpetrator that they were able to be found on Twitter pretty quickly after completing their transaction – not a great job of hiding!
This article is about the increasing number of vulnerabilities in critical infrastructure. Security researchers at Claroty discovered that there was a roughly 41% increase in vulnerabilities disclosed in the first half of 2020 compared to the second half of 2020. They also stated that the majority of these vulnerabilities were not found internally but rather by an external third party. The Colonial Pipeline showed how serious an attack on industrial control systems is and how it impacts the lives of everyday people. The CEO of Gurucul stated that the industrial control systems industry is going through the same phase PCs went through 20 years ago where all of the vulnerabilities are being exploited.
Last week I posted a link to the annual report showing the cost of risk from specific areas – a tool that would be useful in writing a biz case to fund investment in IT Risk Mgmt.
This week I want to share a link to a tool that provides a practical and usable framework for completing a Risk Assessment for an organization. It complements our readings and lectures, but it maps out more specific details about each step of the process to analyze and create a risk profile for an organization.
For example Section 4 (How to Perform a Cyber Risk Assessment) lists specific questions to be asked and data to be gathered!
This wasn’t necessarily a new story – but it is definitely a URL that I bookmarked for future use…. 😉
My article this week outlines the company ProtonMail, and how they’ve recently come under some heat for sharing IP addresses of users. For those unaware, ProtonMail is a popular mail service that is popular with the cybersecurity community. On their website, they advertise that no IP logs are maintained and the privacy of the users comes first. Well, it turns out that isn’t fully the case. ProtonMail is a Swiss-based company and they received a legally binding request to hand over the IP logs of a few users, which led to arrests in France. It was made clear that the Swiss government can force ProtonMail to hand over information, even if the investigation is being carried out by a different law enforcement agency outside of Switzerland. This is an interesting case of a company that uses security and privacy as the cornerstones of their marketing and yet they still are not as infallible as they may want to be seen. It makes one think about how many other companies are not being as transparent about their data collection processes.
The article I read this week was fairly short but I found it interesting. On Wednesday the FBI issued a warning to the food and agriculture industry that ransomware gangs, which are basically people who attack with phishing. The article then goes on to mention that although the criminal’s approach isn’t something we haven’t seen before, they are attacking a sector that does not think of itself as a high-priority target. It also mentions that one of the farms that was targeted lost $9 million from ransomware attacks. One criminal organization scans about 100 thousand email inboxes daily, scanning for things such as gift cards and customer loyalty programs, according to KrebsOnSecurity.
During its press conference on September 2nd, the White House reinforced previous warnings by the FBI and CISA that the nation should be on high alert for ransomware attacks over Labor Day weekend, as attackers have a record of taking advantage of reduced staffing and relaxed vigilance during holidays.
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner.
Accenture is one of the biggest global consulting firms. Accenture recently got hit by a ransomware attack. The hacker has encrypted the files and demanded a ransom, or else they were going to publish the data on the dark web. One of the spokespersons at Accenture, Stacey Jones, has confirmed the cybersecurity incident to CNN Business. Jones stated they had detected irregular activity within one of their networks. They had also contained the affected system and isolated that system from the network. Accenture also restored that system from the backup and confirmed that neither Accenture nor their customer had any impact on their operations.
I figured since we were on the topic of Risk Management I would try to find an article related. I stumbled upon this article through some searching, and it’s Risk Management Framework (RMF) for Artificial Intelligence! Essentially, with Artificial Intelligence becoming more complex and growing in recent years, NIST is preparing a Version 1.0 framework for AI. In relation to the topics we are studying now, I found it interesting that a whole new framework would be prepared for AI.
NIST states that “there is no objective standard for ethical values, as they are grounded in the norms and legal expectations of specific societies and cultures.” However, if there is one thing that is certain with the complexity of AI – it will pose substantiated risk. I am curious about the set of controls that it will entail, as well as how other businesses/governments in countries will adopt (or some disregard) a common set of controls and practices. NIST states that there could be a complete version by the end of 2022.
On May 12th 2021 President Joe Biden signed an Executive Order with the intentions to improve the nation’s cyber security. On Sept. 7th (today) he met with cyber security leaders from major and popular tech companies and outlined the security initiatives he wanted to discuss during the meeting. One of the many reasons this Administration has been pushing for an improvement of cyber security initiatives is due to the fact that the Colonial Pipeline was hacked last May. The Biden Administration actually announced plans to “expand the Industrial Control Systems Cybersecurity Initiative to the natural gas pipeline sector.” (Jill McKeon)
Moreover, cyber security leaders from big tech companies such as Apple, Google, Amazon, JPMorgan Chase, and others were in attendance. They all revealed some type of plan, commitment, and/or idea to help the administration in their push to strengthen the cyber security of not only US critical infrastructure, but also private companies as well.
Some of the commitments that various organizations have made which the article has mentioned are as follows:
– Coalition, Travelers, IBM, Microsoft, and Google committed to working with NIST on the initiative.
– IBM said it would train 150,000 individuals in cybersecurity skills over the next three years. The tech giant pledged to partner with over 20 Historically Black Colleges & Universities (HBCUs) to establish Cybersecurity Leadership Centers and increase diversity in the cybersecurity workforce.
– Amazon committed to making its employee security awareness trainings open to the public at no charge.
This article talks about risk evaluation in an organization, which simply refers to the situation of comparing the results of the risk analysis with risk evaluation criteria defined during the context of establishment to determine whether the risks are acceptable or eminent within the organization. And I understood clearly from the article that the goal of the consolidation is to make sure that the correct risk is assigned to each risk. This is so because risk levels usually direct the identification of treatments and therefore provide suitable or essential decision support to the management to conduct proper risk evaluation assessments in an organization.
The article can be accessed on this website: https://www.researchgate.net/publication/30034457/_risk evaluation
This article is about a leak that happened in the French embassy system. Basically, this leak exposed around 8000 million personal data including their names, passport, nationalities, dates of birth and identity card numbers. According to the website, the cyber-attack targeted a section of the site, which receives around 1.5 million applications per month.
Really good article. That type of traffic on a website each month is incredible. It does surprise me that only 8,700 people’s data were compromised. I do find it interesting that the GDPR doesn’t consider names, passport numbers and addresses as sensitive information.
“The Latest Cybersecurity Threat: Pay Us or We Release the Data” by Catherine Stupp
The article that I chose discusses a new type of cybersecurity threat that is frequently substituted for, or paired with, a regular ransomware hack.
The new threat is hackers threatening to release the most sensitive information they can find on a company unless they get paid a ransom. This mainly affects confidentiality, but could also affect integrity since the hackers have the ability to change the information if they wanted to. It could also affect availability like a normal ransomware hack, if both strategies are paired together. Unfortunately, according to the article, sensitive information leaks or threats of leaks featured in 81% of ransomware attacks during the second quarter of 2021.
Another scary fact about this new type of cyber threat is that there is no guarantee the hackers will not release the information, even if they do get paid a ransom. Brett Callow, a threat analyst for Emsisoft, thinks that it is best to not pay any ransom because, “You are simply paying for a promise from an untrustworthy bad-faith actor that they won’t further misuse the data they stole.”
This new threat also affects customers, because some hackers have been sending customers images of their own sensitive data as proof that it has been stolen, and then demanding that they pester the company to pay the ransom. For this reason, it is crucial that companies are transparent and let their customers and partners know of any security breach before it gets to the news, because by then, reputation is already lost.
This relates to our current unit, Risk Evaluation, because this threat is a new type of risk. By identifying and being aware of this risk, it helps companies develop mitigation strategies, such as keeping less data that hackers would find valuable to publicly leak, or further emphasizing a back-up system/network so that business functions can still be performed even in the case of a ransomware attack. Any new cyber risks, no matter how new, must be evaluated so that they do not happen in the future and cause a large loss to the company.
Information Security Magazine detailed a recent case of a 24 year old cybersecurity student scamming an elderly woman, stealing about $55,000 in a socially-engineered phishing scheme. The perpetrator, Ramesh Karaturi, contacted a 60 year old Scottish woman, claiming her Amazon account security had been compromised. During his “attempts at troubleshooting” her computer, he downloaded malware which gave Karaturi remote access to her device, giving him access to whatever credentials she had stored. Using said credentials, Karaturi was able to gain access to the victim’s banking information and stole nearly £40,000 from her. Officials were able to trace the missing funds back to Karaturi, and arrested him in early June 2021. On September 6th, he had been sentenced to five months in prison for three counts of money laundering and one conspiracy to defraud. Interestingly enough, Karaturi claimed that he was in conspiracy with other individuals who were using his bank credentials for criminal purposes overseas, in exchange for 15% of proceeds from their criminal activity. The article did not specify who these individuals were, nor the details of the enterprise being run.
There’s an interesting world event being affected by cybersecurity right now: the upcoming September 26 parliamentary German election. The event at hand is very relatable to America’s own questionable political elections, as Germany’s election is the target of a hacker group known as “Ghostwriter,” which is seeking to control the upcoming election using cyberattacks. The cyberattacks not only use classic methods aiming for identity theft like phishing emails, but they are also combining this with spreading misinformation about the candidates. The targets of these cyber attacks were federal and state lawmakers.
Germany’s government allegedly reports that it has reliable intelligence asserting that a Russian nation-state threat actor is responsible. Specifically, it is asserted that the Russian GRU military intelligence service cyber actors are responsible, and German officials are demanding that such actions cease in order to preserve public relations. It is rather amazing to see that phishing emails are still a realistically viable attack vector after decades of their existence. This again demonstrates that human beings are and will always be the weakest element of security.
This article describes how classes were canceled at a private university in Washington DC today following a cyber-attack. The information technology team at The Howard University discovered unusual activity on the HU network last Friday. During the investigation, HU took conservative measures. They cancelled courses, stopped Wi-Fi on campus, and even banned certain applications and prevented unauthorized third parties from accessing them. Their security measures to further protect the personal data of universities and faculty from security issues.
HU’s timely measures to protect are similar to what we read in the previous case. These measures tell us the importance of protecting personal information in the era of big data.
Really good article. HU took some good steps so no one else could be compromised from this data breach. HU stated that they don’t believe any personal data was stolen; isn’t that becoming the normal thing to say after an incident? I wonder how long they will have to search till they figure out what was compromised. What do you think?
In July 2021 Guntrader’s website in the UK was breached. At the time the website stated no information was lost. Unfortunately that was untrue; 110,000 UK gun owners’ names and addresses have been leaked. “Tech website “the Register” reported that the stolen information was dumped online via an animal rights activist’s blog.” With the blog encouraging people to contact as many people as they can regarding “animal shootings.” The addresses were uploaded to Google Earth and easily accessible to anyone. “Some of the data is over five years old but does put the number of individuals at a greater risk.” https://www.independent.co.uk/news/uk/crime/uk-gun-owners-addresses-leaked-b1913246.html
“New Zealand banks, post office hit by outages in apparent cyber attack”
The websites of several New Zealand financial institutions and their national postal services were briefly shut down on Sept. 8 as officials said they were battling a cyber attack. According to local media reports, some of the sites affected by the attack included the New Zealand website of Australia and New Zealand Banking Group (ANZ.AX) and the New Zealand Post. New Zealand Post said problems with its third-party provider caused the “intermittent outage” on its website. Several customers reported the outage via social media for Kiwibank, a small bank partly owned by New Zealand Post. In a Twitter post, Kiwibank apologized to customers and said it was working to resolve the “intermittent access” issue with its app, online banking, phone banking, and website services.
I decided to post about a data breach because 2 major companies in the last week, had a breach through malware. The 2 major companies are Wawa & Sonic.
In 2017, 36,000 Sonics across the United States had a data breach. According to the article, “Under Sonic’s franchise agreement, the franchisees were required to give Sonic access to their transaction data through managed virtual private network (VPN.) Hackers accessed the data using VPN credentials to a transaction-processing service by Sonic.”
Sonic has argued back with the Financial Institutions and said because of this breach, they do not have any evidence that it was part of a “affirmative acts.”
I came across this article and saw the need to create awareness as a cybersecurity professional. We see on the job that the threat is now what used to be the service. What does that mean in simple English? Let us start with the basic definition of Ransomware.
“Ransomware is a family of malware that prevents victims from accessing their data. During a ransomware attack, a malicious actor will deploy the malware inside an organization. Depending on the type and sophistication, it will either be manually directed at a storage repository or appear dormant. At the same time, it gathers information about the nature and location of critical value data to either delete, steal or destroy the data while holding the owner to ransom”.
Ransomware-as-a-Service is the process of using what could initially be a service as a means of attack by cybercriminals. i.e., the COVID heat map distributed as a phishing link. Additionally, as a COVID fallout, more employees work from home now, with minimal supervision, which has created a new array of cyber-attack techniques.
As a result, solutions to threats are now the threat vectors themselves. This new development lets us wonder whether developers now create applications for and against the user. It brings into perspective the saying that “it is not whether you were compromised but when you’ll realize that you have been.” Meaning that a compromise is inevitable, but controls should be in place. While implementing solutions, ensure that adequate defense in depth is in place to mitigate and remediate inherent risks to all mission-critical processes.
The article talks more about how the management of an organization is struggling with risks on multiple fronts, including cybersecurity, liability, investment and more. Hence, risk analysis, or risk assessment, is the first step in the risk management process. And it has thus helped many businesses to put in measures to rein in security threats. The article fundamentally stated that the successfulness of any organization pivots on the risks that both internal and external threats pose to the confidentiality, integrity, and availability of your data. The article further explains that during risk analysis, a company identifies risks and the level of consequences, such as potential losses to the business, if an incident happens. The article explains the risk analysis process involves defining the assets (IT systems and data) at risk, the threats facing each asset, how critical each threat is and how vulnerable the system is to that threat. It is wise to take a structured and project-based approach to risk analysis, such as those offered in NIST SP 800-30.
Kelly Sharadin says
I posted an insider threat article last week; however, I think this recent Bleeping Computer article further highlights the rising risks associated with insider threats. This incident explains why proper change management and access control policies are so critical to enterprise security. The org’s IT team failed to remove this disgruntled employee’s access two days after her termination. The ex-employee was able to log in to her account and deleted 21 gigs of “customers’ mortgage loan applications” and even the company “anti-ransomware protection software”! Any employee leaving an organization should have their credentials revoked within 24 hours of their departure. The article doesn’t say how the ex-employee was caught aside from text messages between a friend detailing her crime. Insider threats are a serious concern as access is directly related to the level of damage they can cause.
https://www.bleepingcomputer.com/news/security/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge/
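The 24-hour revocation window mentioned in the comment above can be checked mechanically. The following Python sketch is an added example, not part of the original comment or the Bleeping Computer article; the usernames, timestamps, addresses and record layouts are constructed, and the two inputs (an HR termination list and an authentication log) are assumptions about what an organization would have available.

```python
from datetime import datetime, timedelta, timezone

REVOCATION_SLA = timedelta(hours=24)  # the 24-hour window named in the comment

# Constructed sample data (hypothetical users, not taken from the incident).
TERMINATIONS = {            # username -> termination time from HR
    "jdoe": "2021-05-19T17:00:00+00:00",
    "asmith": "2021-05-20T09:00:00+00:00",
}
ACCOUNT_DISABLED = {        # username -> time the account was disabled, None = still enabled
    "jdoe": None,
    "asmith": "2021-05-20T11:30:00+00:00",
    "bwong": None,          # current employee, never terminated
}
AUTH_EVENTS = [             # constructed authentication log entries
    {"ts": "2021-05-19T12:00:00+00:00", "user": "jdoe", "result": "success", "src": "10.0.4.17"},
    {"ts": "2021-05-21T18:02:11+00:00", "user": "jdoe", "result": "success", "src": "203.0.113.50"},
    {"ts": "2021-05-20T10:15:00+00:00", "user": "asmith", "result": "success", "src": "10.0.4.22"},
    {"ts": "2021-05-20T12:00:00+00:00", "user": "asmith", "result": "failure", "src": "198.51.100.7"},
    {"ts": "2021-05-21T08:00:00+00:00", "user": "bwong", "result": "success", "src": "10.0.4.30"},
]


def parse(ts):
    """Parse an ISO 8601 timestamp that carries an explicit UTC offset."""
    return datetime.fromisoformat(ts)


def overdue_revocations(terminations, disabled, now):
    """Return (user, status, time past deadline) for accounts that missed the SLA."""
    findings = []
    for user, term_ts in terminations.items():
        deadline = parse(term_ts) + REVOCATION_SLA
        disabled_ts = disabled.get(user)
        closed_at = parse(disabled_ts) if disabled_ts else None
        if closed_at is None and now > deadline:
            findings.append((user, "still enabled", now - deadline))
        elif closed_at is not None and closed_at > deadline:
            findings.append((user, "disabled late", closed_at - deadline))
    return findings


def post_termination_logins(terminations, events):
    """Return every authentication event that happened after the user's termination."""
    hits = []
    for ev in events:
        term_ts = terminations.get(ev["user"])
        if term_ts is None:
            continue  # not a terminated user
        delay = parse(ev["ts"]) - parse(term_ts)
        if delay > timedelta(0):
            hits.append({
                "user": ev["user"],
                "ts": ev["ts"],
                "src": ev["src"],
                # A successful login means access was never revoked; a failure
                # means the control worked but someone still tried.
                "severity": "HIGH" if ev["result"] == "success" else "attempt",
                "hours_after": round(delay.total_seconds() / 3600, 1),
            })
    # All timestamps share one offset, so string order is chronological order.
    return sorted(hits, key=lambda h: h["ts"])


if __name__ == "__main__":
    now = datetime(2021, 5, 22, tzinfo=timezone.utc)
    for user, status, late in overdue_revocations(TERMINATIONS, ACCOUNT_DISABLED, now):
        print(f"SLA breach: {user} {status}, {late} past the 24-hour deadline")
    for hit in post_termination_logins(TERMINATIONS, AUTH_EVENTS):
        print(f"{hit['severity']}: {hit['user']} from {hit['src']} "
              f"{hit['hours_after']}h after termination")
```

Running the first check on a schedule catches accounts that were never disabled; the second catches use of an account inside or outside the window, which is the signal that would have surfaced the login described in the comment.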
Christopher Clayton says
“91% of Industrial Organizations can be Penetrated by Hackers”
Companies being subject to vulnerable attacks is no surprise these days, but it’s been reported that over 91% of industrial organizations are exposed to cyber-attacks. In other words, easy access to critical systems results in severe damage. A variety of reasons for these attacks range from suspicious actions from an internal network, to external cloud storage, to even outdated software. Reports also found that 100% of cases were from outside attackers gaining access to user credentials and gaining complete control of the infrastructure via the corporate network. It was recommended that these companies use cyber ranges to evaluate production systems, and to allow information security specialists to evaluate consequences, and assess possible damage without disrupting business procedures.
https://www.infosecurity-magazine.com/news/industrial-orgs-penetrated-hackers/
Madalyn Stiverson says
The space industry is frequently targeted by threat actors due to the sensitive IP on their networks. This industry also has one of the largest supply chains, meaning a wider surface area for hackers to target. The industry has been rapidly expanding; the inception of Blue Origin and SpaceX means NASA is no longer the only target.
These companies have more than just their IP at risk. Lives and billions of dollars worth of spacecraft are also at risk. If a threat actor were ever to gain control of a spacecraft, it could be catastrophic for both the people on-board and the people on the ground.
Satellites are also a major target. If a hacker was able to gain access to one, it could potentially cause a space collision, causing damage to our communication systems.
In order to prevent these losses, it is vital to weigh cybersecurity heavily during all phases of production, especially in the design phase. Potential risks could come from hardware, software, OS, or other equipment. Each piece of the spacecraft needs to be scrutinized.
One solution is the zero trust architecture. This involves isolating devices and equipment from a system’s access standpoint, meaning even if a hacker were to gain access to systems on earth, escalating privilege would be nearly impossible.
NIST also recently released an updated framework for commercial satellite operations. This framework will likely be tweaked and updated following receipt of industry feedback.
https://www.forbes.com/sites/forbestechcouncil/2021/08/20/why-space-is-the-next-frontier-for-cybersecurity/
Mohammed Syed says
According to the article, organizations will need to be especially aware of the potential for ransomware attacks during the Labor Day weekend. Often, during the long/holiday weekend, organizations employ only a small team to monitor IT network infrastructure and security. Organizations need to be proactive and vigilant in their security analysis to be prepared and ahead of the attacks. “Citing historic precedents, the FBI and CISA released a joint cybersecurity advisory on Tuesday noting that ransomware actors often ambush organizations on holidays and weekends when offices are normally closed, making weekends. following a three-day week is a great opportunity for threatening activities.” “Modern cybercriminals use fairly deceptive tactics to maximize damage and collect the most money per attack,” said Erich Kron, security awareness advocate at security firm KnowBe4, in an email sent to Threatpost. Below are a few historically famous attacks that have occurred over the holiday weekend.
1. “Colonial Pipeline attack by the now defunct Dark Side ransomware group that crippled the East Coast pipeline for a few weeks later occurred in the run-up to Mother’s Day weekend, the agencies noted.”
2. “Memorial Day weekend, ransomware group REvil targeted the world’s largest meat distributor, JBS Foods, forcing some operations in the United States and the United States to shut down like in Australia and caused a disruption in the world food supply chain.”
3. “July 4th bank holiday weekend, this time exploiting zero-day vulnerabilities in the Kaseya Virtual System / Server Administrator platform
Feds Warn of Ransomware Attacks Ahead of Labor Day
https://threatpost.com/ransomware-attacks-labor-day/169087/
Matthew Bryan says
It’s interesting to consider holidays as an information security risk and shows that bad actors don’t take days off. It’s important for organizations to consider this as part of their overall risk management strategy. Given the severity of these recent issues, I don’t think limited coverage over holidays is an acceptable risk. That said, burnout is a real concern, especially with security professionals. A balance must be struck that provides adequate coverage and respite for information security teams.
Matthew Bryan says
I thought this article was relevant to Unit 3’s topics and raises some interesting points about the convergence of physical and information security. I’ve seen this in my current job as we’re often partnering with physical security on technology matters. I can’t help but think of how a consolidated physical and information security department would have helped RIT in Case Study 1. From a risk management perspective, a consolidated security department provides a holistic view into overall business risks and allows for more thoughtful conversations about how to modify them.
Summary:
The combining of our physical and cyber worlds is forcing organizations to revisit the often siloed functions of physical and information security. This concept is not new but may be worth implementing now, given increasing overlap that comes from advancing technology across functions. Converged security departments help organizations to streamline communications and provide efficiencies by merging adjacent practices, e.g. physical access controls, surveillance, etc.
The article cites the state government of Michigan as an example of successfully combining physical and information security departments. Organizations with converged security departments are more resilient and better prepared to deal with threats. Combined departments are able to share information more easily and can implement holistic security policies across the organization. This and other benefits are noted in a 2019 CISA report on combining physical and information security.
The need for convergence was made a priority during Covid-19’s shift to remote work and the increased adoption of IoT technology in facilities management. These changes have increased the risk surface area for organizations. Convergence can help security organizations adapt to these changes, regardless of sector, by providing a unified approach to organizational security.
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/why-should-you-merge-physical-security-and-cybersecurity
Andrew Nguyen says
This article describes a vulnerability in Cisco and Atlassian products.
It seems like some sort of injection attack (maybe SQL?), as the article describes the vulnerability as ‘if exploited, the Open Graph Navigation Library (OGNL) bug would allow an unauthenticated user to execute arbitrary code on a database’.
I think that this goes to show that many companies rely on other companies or providers, and how important it is to keep up to date on information security. I think many companies inherently trust that the software they are paying for is bug-free / secure, and sometimes that is not the case. Staying on top of things like this could save an organization time, money, and their reputation.
https://www.infosecurity-magazine.com/news/us-cyber-command-patch-atlassian/
Dan Xu says
In today’s society, the speed of technological development is getting faster and faster, and the more you rely on others, the more likely it is to have safety problems. Information security can only be ensured as far as possible without being leaked by starting from oneself. Messages in the database are easily lost or stolen. This is the only way to make the information security level “seem” high by avoiding risks as much as possible. In real life, the information security level only looks “high”.
Wilmer Monsalve says
This article explains how hackers use message mirroring apps to see SMS texts in order to bypass dual factor authentication. It highlighted that SMS is known for having poor security, which makes it a target for hackers. The process includes a hacker, as a threat actor, convincing the mobile service provider that they themselves are the actual victim and having the number switched over to their device. Or they could utilize Modlishka to reverse proxy and intercept communication between the service and victim. Through here they can receive the one-time code or any other login credentials. The recommendation given is to limit the use of dual factor authentication through SMS and instead use app-based one-time codes such as Google Authenticator.
https://theconversation.com/how-hackers-can-use-message-mirroring-apps-to-see-all-your-sms-texts-and-bypass-2fa-security-165817
Miray Bolukbasi says
Why Ransomware Hackers Love a Holiday Weekend
I found this article pretty interesting about how threat actors become more attracted by holiday weekends. The news explains that for ransomware to be successful, it needs time and fewer defenders around.
The holiday weekends are longer than usual two-day weekends, and employees are less likely to use their remote devices to connect to the network. Therefore, it becomes an opportunity for attackers to use this time to escalate privileges for maximum control over systems.
There are also some examples of incidents listed on the news. The ransomware that hit food supply company JBS and the hospital attack by ransomware that created huge chaos are the good ones to look for.
https://www.wired.com/story/ransomware-hacks-holidays-weekends/?&web_view=true
Bryan Garrahan says
https://www.isaca.org/resources/isaca-journal/past-issues/2011/cloud-computing-risk-assessment-a-case-study#f5
I found this case study on ISACA and it describes one company’s adoption of cloud computing. Specifically, the IS Auditor in the case study was responsible for reviewing and assessing the risks of offering a SaaS solution and adopting IaaS cloud computing. I found it interesting that the IS Auditor utilized the IT risk framework, which we read as part of this unit, as well as several other risk frameworks from ITIL, CSA, and ENISA. Leveraging a number of risk frameworks is extremely helpful to an organization that wants to get a holistic view of its risk exposure. The article writes, “Leveraging Risk IT in conjunction with a widely accepted IT governance and controls framework such as COBIT makes the risk identification robust and the risk assessment process effective and efficient. This leads to a model that is extensible and reusable and that can scale up to IT risks affecting the entire company.” Once the risks were identified, the IS Auditor could identify and subsequently test the operating effectiveness of the cloud computing systems controls. The result of an engagement is a repeatable risk-based audit program that the company could continue to use to identify new and monitor existing risks to the cloud computing system over time.
Michael Galdo says
NFT Collector Tricked into Buying Fake Banksy
The website of famous street artist, Banksy, was breached and the hacker decided to hold a fake NFT auction on the website. The hacker took one of Banksy’s previous works and sold it as a fake NFT to the highest bidder for $336,000. The hacker was tracked down days later and handed over all of the money except for what was labeled as a “transaction fee” which totaled up to $6,918. A cybersecurity expert in the article states that “The fake Banksy NFT scam is one that would be difficult to detect for any cybersecurity technology, and it highlights the risk of purchasing NFTs, which do not have a centralized authentication method that is foolproof, as we saw in this scam,” and he goes on to add that these scams, however, may still be very unlikely because they’re very easy to track. It states that the most common scams come from setting up fake stores, selling fake art, and Airdrop scams that offer free crypto.
Michael Galdo says
https://threatpost.com/nft-collector-tricked-into-buying-fake-banksy/169179/
Richard Hertz says
Cool article!! Interesting that the target was cyber aware enough to research the site hosting the auction and also to find the perpetrator on Twitter, yet still ended up a victim! It also seems to say something about the perpetrator that they were able to be found on Twitter pretty quickly after completing their transaction – not a great job of hiding!
Dhaval Patel says
This article is about the increasing number of vulnerabilities in critical infrastructure. Security researchers at Claroty discovered that there was a roughly 41% increase in vulnerabilities disclosed in the first half of 2020 compared to the second half of 2020. They also stated that the majority of these vulnerabilities were not found internally but rather by an external third party. The Colonial Pipeline showed how serious an attack on industrial control systems is and how it impacts the lives of everyday people. The CEO of Gurucul stated that the industrial control systems industry is going through the same phase PCs went through 20 years ago where all of the vulnerabilities are being exploited.
Hope, A. (2021, September 6). ICS vulnerabilities increased by 41% in six months amidst high profile attacks on critical infrastructure. CPO Magazine. https://www.cpomagazine.com/cyber-security/ics-vulnerabilities-increased-by-41-in-six-months-amidst-high-profile-attacks-on-critical-infrastructure/
Link: https://www.cpomagazine.com/cyber-security/ics-vulnerabilities-increased-by-41-in-six-months-amidst-high-profile-attacks-on-critical-infrastructure/
Richard Hertz says
Last week I posted a link to the annual report showing the cost of risk from specific areas – a tool that would be useful in writing a biz case to fund investment in IT Risk Mgmt.
This week I want to share a link to a tool that provides a practical and usable framework for completing a Risk Assessment for an organization. It complements our readings and lectures, but it maps out more specific details about each step of the process to analyze and create a risk profile for an organization.
For example Section 4 (How to Perform a Cyber Risk Assessment) lists specific questions to be asked and data to be gathered!
This wasn’t necessarily a new story – but it is definitely a URL that I bookmarked for future use…. 😉
https://www.upguard.com/blog/cyber-security-risk-assessment
Ryan Trapp says
My article this week outlines the company ProtonMail, and how they’ve recently come under some heat for sharing IP addresses of users. For those unaware, ProtonMail is a popular mail service that is popular with the cybersecurity community. On their website, they advertise that no IP logs are maintained and the privacy of the users comes first. Well, it turns out that isn’t fully the case. ProtonMail is a Swiss-based company and they received a legally binding request to hand over the IP logs of a few users, which led to arrests in France. It was made clear that the Swiss government can force ProtonMail to hand over information, even if the investigation is being carried out by a different law enforcement agency outside of Switzerland. This is an interesting case of a company that uses security and privacy as the cornerstones of their marketing and yet they still are not as infallible as they may want to be seen. It makes one think about how many other companies are not being as transparent about their data collection processes.
https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html
Alexander William Knoll says
The article I read this week was fairly short but I found it interesting. On Wednesday the FBI issued a warning to the food and agriculture industry that ransomware gangs, which are basically people who attack with phishing. The article then goes on to mention that although the criminal’s approach isn’t something we haven’t seen before, they are attacking a sector that does not think of itself as a high-priority target. It also mentions that one of the farms that was targeted lost $9 million from ransomware attacks. One criminal organization scans about 100 thousand email inboxes daily, scanning for things such as gift cards and customer loyalty programs, according to KrebsOnSecurity.
During its press conference on September 2nd, the White House reinforced previous warnings by the FBI and CISA that the nation should be on high alert for ransomware attacks over Labor Day weekend, as attackers have a record of taking advantage of reduced staffing and relaxed vigilance during holidays.
https://thecyberwire.com/newsletters/daily-briefing/10/171
Jason Burwell says
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner.
https://thehackernews.com/2021/09/latest-atlassian-confluence-flaw.html
Vraj Patel says
Accenture Ransomware Attack
Accenture is one of the biggest global consulting firms. Accenture recently got hit by a ransomware attack. The hacker encrypted the files and demanded a ransom, or else they were going to publish the data on the dark web. A spokesperson at Accenture, Stacey Jones, has confirmed the cybersecurity incident to CNN Business. Jones stated they had detected irregular activity within one of their networks. They had also contained the affected system and isolated that system from the network. Accenture also restored that system from backup and confirmed that neither Accenture nor their customers had any impact on their operations.
Reference:
Fung, Brian. 2021. Another big company hit by a ransomware attack. Retrieved from: https://www.cnn.com/2021/08/11/tech/accenture-ransomware/index.html
Michael Duffy says
I figured since we were on the topic of Risk Management I would try to find a related article. I stumbled upon this article through some searching, and it’s a Risk Management Framework (RMF) for Artificial Intelligence! Essentially, with Artificial Intelligence becoming more complex and growing in recent years, NIST is preparing a Version 1.0 framework for AI. In relation to the topics we are studying now, I found it interesting that a whole new framework would be prepared for AI.
NIST states that “there is no objective standard for ethical values, as they are grounded in the norms and legal expectations of specific societies and cultures.” However, if there is one thing that is certain with the complexity of AI, it will pose substantiated risk. I am curious about the set of controls that will entail, as well as how other businesses/governments in countries will adopt (or some disregard) a common set of controls and practices. NIST states that there could be a complete version by the end of 2022.
https://www.nextgov.com/emerging-tech/2021/08/nist-prioritizes-external-input-development-ai-risk-management-framework/184393/
Joshua Moses says
On May 12th 2021 President Joe Biden signed an Executive Order with the intentions to improve the nation’s cyber security. On Sept. 7th (today) he met with cyber security leaders from major and popular tech companies and outlined the security initiatives he wanted to discuss during the meeting. One of the many reasons this Administration has been pushing for an improvement of cyber security initiatives is due to the fact that the Colonial Pipeline was hacked last May. The Biden Administration actually announced plans to “expand the Industrial Control Systems Cybersecurity Initiative to the natural gas pipeline sector.” (Jill McKeon)
Moreover, cyber security leaders from big tech companies such as Apple, Google, Amazon, JPMorgan Chase, and others were in attendance. They all revealed some type of plan, commitment, and/or idea to help the administration in their push to strengthen the cyber security of not only US critical infrastructure, but also private companies as well.
Some of the commitments that various organizations have made which the article has mentioned are as follows:
– Coalition, Travelers, IBM, Microsoft, and Google committed to working with NIST on the initiative.
– IBM said it would train 150,000 individuals in cybersecurity skills over the next three years. The tech giant pledged to partner with over 20 Historically Black Colleges & Universities (HBCUs) to establish Cybersecurity Leadership Centers and increase diversity in the cybersecurity workforce.
– Amazon committed to making its employee security awareness trainings open to the public at no charge.
(Please refer to the article for the full list of commitments and ideas other organizations have stated in the meeting.)
https://healthitsecurity.com/news/biden-administration-announces-national-cybersecurity-initiatives
kofi bonsu says
This article talks about risk evaluation in an organization, which simply refers to comparing the results of the risk analysis with the risk evaluation criteria defined during the context of establishment to determine whether the risks are acceptable or eminent within the organization. I understood clearly from the article that the goal of the consolidation is to make sure that the correct risk is assigned to each risk. This is so because risk levels usually direct the identification of treatments and therefore provide suitable or essential decision support to the management to conduct proper risk evaluation assessments in an organization.
The article can be accessed on this website: https://www.researchgate.net/publication/30034457/_risk evaluation
Ornella Rhyne says
This article is about a leak that happened in the French embassy system. Basically, this leak exposed around 8000 million personal data including their names, passport, nationalities, dates of birth and identity card numbers. According to the website, the cyber-attack targeted a section of the site, which receives around 1.5 million applications per month.
https://www.infosecurity-magazine.com/news/french-visa-applicants-cyber-attack/
Corey Arana says
Really good article. That type of traffic on a website each month is incredible. It does surprise me that only 8,700 people’s data were compromised. I do find it interesting that the GDPR doesn’t consider names, passport numbers and addresses as sensitive information.
Michael Jordan says
https://www.wsj.com/articles/cyber-security-threats-11631041568
“The Latest Cybersecurity Threat: Pay Us or We Release the Data” by Catherine Stupp
The article that I chose discusses a new type of cybersecurity threat that is frequently substituted for, or paired with, a regular ransomware hack.
The new threat is hackers threatening to release the most sensitive information they can find on a company unless they get paid a ransom. This mainly affects confidentiality, but could also affect integrity since the hackers have the ability to change the information if they wanted to. It could also affect availability like a normal ransomware hack, if both strategies are paired together. Unfortunately, according to the article, sensitive information leaks or threats of leaks featured in 81% of ransomware attacks during the second quarter of 2021.
Another scary fact about this new type of cyber threat is that there is no guarantee the hackers will not release the information, even if they do get paid a ransom. Brett Callow, a threat analyst for Emsisoft, thinks that it is best to not pay any ransom because, “You are simply paying for a promise from an untrustworthy bad-faith actor that they won’t further misuse the data they stole.”
This new threat also affects customers, because some hackers have been sending customers images of their own sensitive data as proof that it has been stolen, and then demanding that they pester the company to pay the ransom. For this reason, it is crucial that companies are transparent and let their customers and partners know of any security breach before it gets to the news, because by then, reputation is already lost.
This relates to our current unit, Risk Evaluation, because this threat is a new type of risk. By identifying and being aware of this risk, it helps companies develop mitigation strategies, such as keeping less data that hackers would find valuable to publicly leak, or further emphasizing a back-up system/network so that business functions can still be performed even in the case of a ransomware attack. Any new cyber risks, no matter how new, must be evaluated so that they do not happen in the future and cause a large loss to the company.
Lauren Deinhardt says
Information Security Magazine detailed a recent case of a 24-year-old cybersecurity student scamming an elderly woman, stealing about $55,000 in a socially-engineered phishing scheme. The perpetrator, Ramesh Karaturi, contacted a 60-year-old Scottish woman, claiming her Amazon account security had been compromised. During his “attempts at troubleshooting” her computer, he downloaded malware which gave Karaturi remote access to her device, giving him access to whatever credentials she had stored. Using said credentials, Karaturi was able to gain access to the victim’s banking information and stole nearly £40,000 from her. Officials were able to trace the missing funds back to Karaturi, and arrested him in early June 2021. On September 6th, he was sentenced to five months in prison for three counts of money laundering and one of conspiracy to defraud. Interestingly enough, Karaturi claimed that he was in conspiracy with other individuals who were using his bank credentials for criminal purposes overseas, in exchange for 15% of proceeds from their criminal activity. The article did not specify who these individuals were, nor the details of the enterprise being run.
https://www.infosecurity-magazine.com/news/cybersecurity-student-scams-senior/
Antonio Cozza says
There’s an interesting world event being affected by cybersecurity right now: the upcoming September 26 parliamentary German election. The event at hand is very relatable to America’s own questionable political elections, as Germany’s election is the target of a hacker group known as “Ghostwriter,” which is seeking to control the upcoming election using cyberattacks. The cyberattacks not only use classic methods aiming for identity theft like phishing emails, but they are also combining this with spreading misinformation about the candidates. The targets of these cyber attacks were federal and state lawmakers.
Germany’s government allegedly reports that it has reliable intelligence asserting that a Russian nation-state threat actor is responsible. Specifically, it is asserted that the Russian GRU military intelligence service cyber actors are responsible, and German officials are demanding that such actions cease in order to preserve public relations. It is rather amazing to see that phishing emails are still a realistically viable attack vector after decades of their existence. This again demonstrates that human beings are and will always be the weakest element of security.
https://www.securityweek.com/germany-protests-russia-over-pre-election-cyberattacks
Dan Xu says
This article describes that Classes were canceled at a private university in Washington DC today following a cyber-attack. The information technology team at The Howard University discovered unusual activity on the HU network last Friday. During the investigation, HU took conservative measures. They cancelled courses, stopped Wi-Fi on campus, and even banned certain applications and prevented unauthorized third parties from accessing them. Their security measures to further protect the personal data of universities and faculty from security issues.
HU’s timely measures to protect are similar to what we read in the previous case. These measures tell us the importance of protecting personal information in the era of big data.
https://www.infosecurity-magazine.com/news/cyberattack-on-washington-dc/
Corey Arana says
Really good article. HU took some good steps so no one else could be compromised from this data breach. HU stated that they don’t believe any personal data was stolen; isn’t that becoming the normal thing to say after an incident? I wonder how long they will have to search until they figure out what was compromised. What do you think?
Corey Arana says
In July 2021 Guntrader’s website in the UK was breached. At the time the website stated no information was lost. Unfortunately, that was untrue: 110,000 UK gun owners’ names and addresses have been leaked. “Tech website ‘the Register’ reported that the stolen information was dumped online via an animal rights activist’s blog.” With the blog encouraging people to contact as many people as they can regarding “animal shootings.” The addresses were uploaded to Google Earth and easily accessible to anyone. “Some of the data is over five years old but does put the number of individuals at a greater risk.”
https://www.independent.co.uk/news/uk/crime/uk-gun-owners-addresses-leaked-b1913246.html
zijian ou says
“New Zealand banks, post office hit by outages in apparent cyber attack”
The websites of several New Zealand financial institutions and their national postal services were briefly shut down on Sept. 8 as officials said they were battling a cyber attack. According to local media reports, some of the sites affected by the attack included the New Zealand website of Australia and New Zealand Banking Group (ANZ.AX) and the New Zealand Post. New Zealand Post said problems with its third-party provider caused the “intermittent outage” on its website. Several customers reported the outage via social media for Kiwibank, a small bank partly owned by New Zealand Post. In a Twitter post, Kiwibank apologized to customers and said it was working to resolve the “intermittent access” issue with its app, online banking, phone banking, and website services.
https://www.reuters.com/world/asia-pacific/new-zealand-banks-post-office-hit-by-outages-apparent-cyber-attack-2021-09-08/?&web_view=true
Victoria Zak says
I decided to post about a data breach because 2 major companies in the last week had a breach through malware. The 2 major companies are Wawa & Sonic.
In 2017, 36,000 Sonics across the United States had a data breach. According to the article, “Under Sonic’s franchise agreement, the franchisees were required to give Sonic access to their transaction data through managed virtual private network (VPN.) Hackers accessed the data using VPN credentials to a transaction-processing service by Sonic.”
Sonic has argued back with the Financial Institutions and said because of this breach, they do not have any evidence that it was part of a “affirmative acts.”
Reference:
https://www.infosecurity-magazine.com/news/data-breach-lawsuit-against-sonic/
Olayinka Lucas says
An Evolving Cyber Threat: Ransomware-as-a-Service
I came across this article and saw the need to create awareness as a cybersecurity professional. We see on the job that the threat is now what used to be the service. What does that mean in simple English? Let us start with the basic definition of Ransomware.
“Ransomware is a family of malware that prevents victims from accessing their data. During a ransomware attack, a malicious actor will deploy the malware inside an organization. Depending on the type and sophistication, it will either be manually directed at a storage repository or appear dormant. At the same time, it gathers information about the nature and location of critical value data to either delete, steal or destroy the data while holding the owner to ransom”.
Ransomware-as-a-Service is the process of using what could initially be a service as a means of attack by cybercriminals, i.e., the COVID heat map distributed as a phishing link. Additionally, as a COVID fallout, more employees work from home now, with minimal supervision, which has created a new array of cyber-attack techniques.
As a result, solutions to threats are now the threat vectors themselves. This new development makes us wonder whether developers now create applications for and against the user. It brings into perspective the saying that “it is not whether you were compromised but when you’ll realize that you have been,” meaning that a compromise is inevitable, but controls should be in place. While implementing solutions, ensure that adequate defense in depth is in place to mitigate and remediate inherent risks to all mission-critical processes.
Reference: https://www.infosecurity-magazine.com/opinions/cyber-threat-ransomware-as-a/
Bernard Antwi says
Risk Analysis Example: How to Evaluate Risks
The article talks more about how the management of an organization is struggling with risks on multiple fronts, including cybersecurity, liability, investment and more. Hence, risk analysis, or risk assessment, is the first step in the risk management process, and it has thus helped many businesses to put in measures to rein in security threats. The article fundamentally stated that the success of any organization pivots on the risks that both internal and external threats pose to the confidentiality, integrity, and availability of your data. The article further explains that during risk analysis, a company identifies risks and the level of consequences, such as potential losses to the business, if an incident happens. The article explains that the risk analysis process involves defining the assets (IT systems and data) at risk, the threats facing each asset, how critical each threat is and how vulnerable the system is to that threat. It is wise to take a structured and project-based approach to risk analysis, such as those offered in NIST SP 800-30.
https://blog.netwrix.com/2020/04/07/risk-analysis-example/