Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2023 ■ David Lanter
In The News

February 8, 2023 by David Lanter 14 Comments

Filed Under: 05 - Secure Networks

Comments

  1. Nishant Shah says

    February 9, 2023 at 12:33 am

    Trend Micro carried out a field test to shed light on the potential security risks involved with implementing Private 5G. Following are the highlights of the test:

    1. An open Private 5G system has four possible penetration routes.
    2. There are three signal interception points in the core network.
    3. The core network can be used as a springboard to attack the manufacturing site.

    Penetration routes: (i) Core Network (CN) hosting server vulnerabilities (ii) VM/Container attack such as ‘Container Escape’ (iii) Network infrastructure vulnerabilities (iv) Insecure base station

    Signal interception points: (i) Link between CN and Internet (ii) The point between serving gateway (SGW) and packet gateway (PGW) (iii) The point between the base station and the core network

    Six attack methods:
    (i) MQTT Hijacking – Product damage, manufacturing process impairment
    (ii) Modbus/TCP Hijacking – Product damage, manufacturing process impairment
    (iii) PLC firmware reset – Product damage, manufacturing process impairment
    (iv) DNS Hijacking – Stealing confidential information, malware infection
    (v) Remote desktop exploits – Stealing confidential information, lateral movement
    (vi) SIM swapping – Stealing confidential information, lateral movement

    Recommended safety measures:
    (i) Enforcing encryption and authentication/permissions in the core network
    (ii) Verifying security at the PoC phase
    (iii) Building a structure to detect abnormalities swiftly

    https://www.trendmicro.com/en_us/research/21/j/security-risks-with-private-5g-Networks-in-manufacturing-part-3.html
    https://www.trendmicro.com/en_us/research/21/k/private-5g-security-risks-in-manufacturing-part-4.html

  2. Chinenye Marylyn Akinola says

    February 11, 2023 at 5:35 am

    Authentication Security: Crafting a Bulletproof Password Reset Process

    In today’s fast-paced business environment, employees forgetting passwords or becoming locked out of devices is a headache for both users and IT teams alike. In addition, cyber-attackers are increasingly using the password reset process to gain unauthorized access to organizations’ networks.

    This webinar will highlight the common methods used by attackers to gain access to employees’ accounts, and the scale of the damage caused by these compromises.

    The panelists will then share insights on how to strengthen your password reset process to keep your data secure and free up your IT team to focus on more pressing matters. They will also highlight the importance of regular password vulnerability audits and how to protect your organization when credentials are compromised.

    In this session you will learn:

    1) An understanding of the current state of password security
    2) How to create a password reset process that is secure, efficient and user-friendly
    3) How to implement a rounded password security strategy

    https://www.infosecurity-magazine.com/webinars/authentication-security-password/

  3. Pranavi Yadalam Sekhar says

    February 11, 2023 at 11:36 am

    Refund and Invoice Scams Surge in Q4:
    https://www.infosecurity-magazine.com/news/refund-and-invoice-scams-surge-in/

    Researchers have issued a warning to customers to be on the lookout for scams that use phishing emails and vishing fraud to take their money.

    Refund and invoice fraud increased by 14% between October and November 2022, according to Avast, and then by another 22% in December.

    In order to swindle the victim, the former operates similarly to traditional tech support scams that frequently mix email and phone routes.

    Refund fraud involves a wide range of potential situations, according to the Avast research, including phony emails warning users that they have been charged twice for the same service or good. These emails also include links for customers to request refunds, or users can call a bogus phone number provided in the email instead.

  4. Frank Kofi Kpotivi says

    February 11, 2023 at 12:23 pm

    Car companies massively exposed to web vulnerabilities
    One thing that caught my attention about this article was how many automobile companies have weaknesses in their systems.

    Security researchers warn that the web applications and APIs of significant automakers, telematics (vehicle monitoring and logging technology) providers, and fleet operators were rife with security flaws.
    Security researcher Sam Curry outlined vulnerabilities in a thorough analysis that include everything from data theft to account takeover, remote code execution (RCE), and even stealing physical actions like starting and stopping car engines. The results are a worrying sign that the car sector is neglecting to secure its online ecosystem in its rush to introduce digital and online services.

    https://portswigger.net/daily-swig/car-companies-massively-exposed-to-web-vulnerabilities

  5. Jill Brummer says

    February 12, 2023 at 12:33 pm

    https://www.msn.com/en-us/lifestyle/lifestyle-buzz/a-catastrophic-mutating-event-will-strike-the-world-in-2-years-report-says/ar-AA16OFT3

    A Catastrophic Mutating Event Will Strike the World in 2 Years, Report Says (msn.com)

    In summary, the article discusses that business leaders believe that a catastrophic cyber event will happen within the next 2 years. The cyber criminals are financially motivated and will grow to a $10 trillion industry by 2025. “The presentation highlighting the WEF Global Security Outlook Report 2023, is that 93% of cyber leaders believe that a catastrophic cyber event is likely in the next 2 years. This far exceeds anything that we’ve seen in previous surveys.” It’s also mentioned in the article that global challenges are only growing, and it cites the cyber-attack aimed at shutting down Ukrainian military abilities.

    The presentation called for a global response and coordinated actions. The world leaders need to work together to prevent cyber-attacks and make new sophisticated tools a priority. An interesting fact in the article is that if cybercrime was a state, it would be the third largest global economy after the U.S. and China.

  6. Mengqi Xiong says

    February 13, 2023 at 11:26 am

    Hackers use fake crypto job offers to push info-stealing malware
    Researchers have recently uncovered an active campaign that targets Eastern Europeans in the cryptocurrency industry to install information-stealing programs under the pretext of false employment. In this campaign, suspected Russian threat actors infected people in the cryptocurrency industry by using a number of highly obfuscated and incompletely developed custom add-ons to launch the Enigma stealer program (Enigma is a modified version of the Stealerium information stealer). In addition to these loaders, the attackers also exploited Intel driver vulnerability CVE-2015-2291 to load malicious drivers with the aim of degrading Microsoft Defender’s token integrity. This case highlights the evolving nature of modular malware that employs highly obfuscated and evasive techniques and leverages continuous integration and continuous delivery principles for ongoing malware development.

    https://www.bleepingcomputer.com/news/security/hackers-use-fake-crypto-job-offers-to-push-info-stealing-malware/

  7. Asha Kunchakarra says

    February 13, 2023 at 12:21 pm

    A new DDoS-as-a-Service platform named Passion was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe. This attack is when threat actors send many requests and garbage traffic to a target server and cause it to stop responding to legitimate requests. The origin is unknown, but it has distinctive ties with other well-known Russian hacking groups. The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway and other European countries. They began promoting their service at the beginning of January 2023, performing several defacements on Japanese and South African organizations. The service operates as a subscription where customers can purchase desirable attack vectors, duration, and intensity. As for the cost of the service, a seven-day subscription costs $30, a month costs $120, while a full year sets back threat actors $1,440. Passion uses the Dstat.cc measurement service to showcase its L4 and L7 attack capabilities and effectiveness against DDoS mitigation providers like Cloudflare and Google Shield. Passion is added to an already flourishing DDoS ecosystem, increasing the problem for organizations worldwide that are the recipients of these attacks.

    https://www.bleepingcomputer.com/news/security/new-ddos-as-a-service-platform-used-in-recent-attacks-on-hospitals/

  8. Sunam Rijal says

    February 13, 2023 at 9:19 pm

    Cloudflare blocks record-breaking 71 million RPS DDoS attack
    https://www.bleepingcomputer.com/news/security/cloudflare-blocks-record-breaking-71-million-rps-ddos-attack/
    Cloudflare, a cybersecurity company that provides internet infrastructure and security services, successfully mitigated a record-breaking Distributed Denial of Service (DDoS) attack that reached 71 million requests per second (RPS). The attack was carried out by an unknown attacker and targeted one of Cloudflare’s customers. Cloudflare’s DDoS protection systems were able to handle the massive traffic, and the attack was mitigated within minutes. The company noted that the attack was several times larger than any other DDoS attack it had seen before. Cloudflare’s ability to handle such a massive attack is a testament to its infrastructure and the effectiveness of its DDoS protection systems.
    Cloudflare was able to mitigate the record-breaking DDoS attack by utilizing a combination of techniques and technologies. Some of these techniques include rate limiting, filtering, and routing traffic through its global network of data centers. Cloudflare also employs machine learning and behavioral analysis to detect and block malicious traffic. In this specific attack, Cloudflare was able to leverage its DDoS protection systems to handle the massive traffic volume and block the attack within minutes. Additionally, Cloudflare continuously monitors and adjusts its defense systems to stay ahead of emerging threats.

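The comment above lists rate limiting as one of the mitigation techniques. The following is an added example, not Cloudflare’s code or anything from the linked article: a per-source token-bucket limiter replayed over a constructed web request log. The log lines, the bucket capacity (5 requests) and the refill rate (1 request per second) are all assumptions chosen for illustration.

```python
"""Per-source token-bucket rate limiting over a constructed web request log.

Added example, not Cloudflare's code: it shows the generic "rate limiting"
technique the comment mentions, keyed on source IP. The log lines, capacity
and refill rate below are constructed for illustration.
"""
from collections import Counter

# Constructed log: "timestamp_seconds source_ip method path".
# 203.0.113.7 fires eight requests in 0.35 s; 198.51.100.2 browses normally.
REQUEST_LOG = """\
1000.00 203.0.113.7 GET /
1000.05 203.0.113.7 GET /
1000.10 203.0.113.7 GET /
1000.15 203.0.113.7 GET /
1000.20 203.0.113.7 GET /
1000.25 203.0.113.7 GET /
1000.30 203.0.113.7 GET /
1000.35 203.0.113.7 GET /
1000.40 198.51.100.2 GET /login
1002.00 198.51.100.2 GET /account
1003.00 203.0.113.7 GET /
"""


class TokenBucket:
    """Classic token bucket: allows bursts up to `capacity`, then `refill_rate`/s."""

    def __init__(self, capacity, refill_rate, now):
        self.capacity = float(capacity)
        self.refill_rate = float(refill_rate)
        self.tokens = float(capacity)  # a new client starts with a full bucket
        self.last = now

    def allow(self, now):
        # Refill in proportion to elapsed time, never beyond capacity.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per key (here: source IP), created lazily on first sight."""

    def __init__(self, capacity=5, refill_rate=1.0):
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.buckets = {}

    def check(self, key, now):
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_rate, now)
            self.buckets[key] = bucket
        return bucket.allow(now)


def apply_rate_limit(log_text, capacity=5, refill_rate=1.0):
    """Replay a request log through the limiter.

    Returns (decisions, denied): decisions is a list of
    (timestamp, source, path, allowed); denied counts rejected requests
    per source.
    """
    limiter = RateLimiter(capacity, refill_rate)
    decisions = []
    denied = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _method, path = line.split()
        allowed = limiter.check(src, float(ts))
        if not allowed:
            denied[src] += 1
        decisions.append((float(ts), src, path, allowed))
    return decisions, denied


if __name__ == "__main__":
    decisions, denied = apply_rate_limit(REQUEST_LOG)
    for ts, src, path, allowed in decisions:
        print(f"{ts:8.2f} {src:15} {path:10} {'allow' if allowed else 'DENY'}")
    print("denied per source:", dict(denied))
```

With these settings the burst source gets its first five requests through, the next three are denied, and by the time it returns 2.65 seconds later the bucket has refilled enough to admit it again, while the normal client is never touched. Keying on source IP alone is the simplest form; a distributed attack spreads across many sources, which is why the comment pairs rate limiting with filtering and behavioral analysis.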
  9. Nicholas Foster says

    February 13, 2023 at 9:49 pm

    North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations

    The article I have chosen to highlight this week speaks to North Korean nation state actors attempting to encrypt healthcare data. As previously seen, in order to restore your files, you must pay a ransom in the form of crypto. Both South Korea and the US have joined together to warn hospitals of the ever-growing threat. The article highlights mitigating controls in order to help reduce the likelihood of falling prey to these ransomware attacks. “The agencies recommend organizations to implement the principle of least privilege, disable unnecessary network device management interfaces, enforce multi-layer network segmentation, require phishing-resistant authentication controls, and maintain periodic data backups.”

    https://thehackernews.com/2023/02/north-korean-hackers-targeting.html

  10. Abayomi Aiyedebinu says

    February 13, 2023 at 10:10 pm

    Potential cyber-attack hits Victoria’s peak fire response agency.

    Fire Rescue Victoria (FRV) was forced to shut down their system after it suffered a mystery outage which brought down crucial dispatch systems.
    The shutdown means firefighters are reverting to radios and mobile phones to receive information, and it also impacted the organization’s internal email system and website. This is a very good example of a DDoS attack; it’s interesting to note that there is no industry or agency that is immune to this attack, and it could lead to financial loss and operational mishap.

    https://www.9news.com.au/national/fire-rescue-victoria-potential-cyber-attack-manual-operation/1f86f247-d761-4fc0-afef-8e9fab821a38

  11. Wei Zhang says

    February 13, 2023 at 10:19 pm

    On February 5, Reddit was hit by a cyber attack. Its internal systems were hit by a “sophisticated” and “highly targeted” phishing attack that compromised employee credentials.
    “The attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway in an attempt to steal credentials and second-factor tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”
    However, Reddit said there was “no indication” that the company’s main production system, where most of its data is stored, had been breached. The exposed data is the limited contact information for company contacts and employees.
    https://www.infosecurity-magazine.com/news/reddit-hit-phishing-attack-source/

  12. Aayush Mittal says

    February 13, 2023 at 10:33 pm

    Lumen research reveals latest DDoS stats, trends, predictions and costs

    The report includes 2023 predictions, a DDoS cost breakdown, and 2022 Q4 and full-year data from the Lumen DDoS mitigation service. Nearly 90% of Q4 DDoS attacks were potentially “hit and run” style probing attacks (smaller attacks can be effective tools for gathering valuable intelligence about a target’s defenses, response capabilities, and potential payload, which eventually can be utilized to plan a large attack). According to Q4 2022 numbers, the largest attacks targeted the Telecoms, Software & Technology and Gaming industries, whereas the most common attack methods were Domain Name System (DNS) Amplification and TCP-SYN Flooding.

    https://www.yahoo.com/lifestyle/lumen-research-reveals-latest-ddos-125700360.html
    https://assets.lumen.com/is/content/Lumen/lumen-quarterly-ddos-report-q-4-22

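The comment above names DNS amplification and TCP-SYN flooding as the most common attack methods in the report. The following is an added example, not Lumen’s code or data: two simple detectors run over constructed flow records, one that flags a destination receiving mostly bare SYNs from many sources, and one that flags a host receiving far more DNS-response bytes from UDP port 53 than it ever sent in queries. The record format, the addresses and the thresholds are all assumptions chosen for illustration.

```python
"""Detection of SYN-flood and DNS-amplification traffic over constructed flow records.

Added example, not from the Lumen report: the records and thresholds below are
constructed for illustration and are not real telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags ("S" = SYN only, "A" = ACK, "PA" = PSH+ACK); "-" for UDP
    nbytes: int


# Constructed records: "ts proto src sport dst dport flags bytes".
# Twelve SYN-only segments from twelve different sources hit 192.0.2.5:443 in one second.
SYN_BURST = [f"10.{i:02d} tcp 203.0.113.{10 + i} {40000 + i} 192.0.2.5 443 S 60"
             for i in range(12)]
OTHER = """\
10.50 tcp 198.51.100.7 50000 192.0.2.5 443 S 60
10.60 tcp 198.51.100.7 50000 192.0.2.5 443 A 52
10.70 tcp 198.51.100.7 50000 192.0.2.5 443 PA 512
11.00 udp 192.0.2.9 51000 203.0.113.53 53 - 64
11.10 udp 203.0.113.53 53 192.0.2.9 51000 - 512
12.00 udp 198.51.100.20 53 192.0.2.7 33333 - 4000
12.00 udp 198.51.100.21 53 192.0.2.7 33333 - 4000
12.10 udp 198.51.100.22 53 192.0.2.7 33333 - 4000
""".splitlines()
FLOW_LINES = SYN_BURST + OTHER


def parse_flows(lines):
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proto, src, sport, dst, dport, flags, nbytes = line.split()
        flows.append(Flow(float(ts), proto, src, int(sport), dst, int(dport), flags, int(nbytes)))
    return flows


def detect_syn_flood(flows, min_syns=10, min_fraction=0.8):
    """Flag destinations where SYN-only segments dominate the TCP traffic.

    A legitimate handshake contributes one SYN followed by ACK/data segments,
    so a destination seeing mostly bare SYNs from many sources is suspect.
    """
    syns = defaultdict(int)
    total = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        if f.proto != "tcp":
            continue
        total[f.dst] += 1
        if f.flags == "S":
            syns[f.dst] += 1
            sources[f.dst].add(f.src)
    return {dst: {"syns": syns[dst], "fraction": syns[dst] / total[dst],
                  "sources": len(sources[dst])}
            for dst in total
            if syns[dst] >= min_syns and syns[dst] / total[dst] >= min_fraction}


def detect_dns_amplification(flows, min_bytes=1000, min_ratio=20.0):
    """Flag hosts receiving far more DNS-response bytes than they sent in queries.

    Reflected, amplified responses arrive from UDP/53 at a victim that never
    asked for them; comparing inbound response bytes with outbound query bytes
    per host exposes the imbalance.
    """
    inbound = defaultdict(int)
    outbound = defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        if f.sport == 53:
            inbound[f.dst] += f.nbytes
        elif f.dport == 53:
            outbound[f.src] += f.nbytes
    result = {}
    for host, got in inbound.items():
        sent = outbound.get(host, 0)
        ratio = got / sent if sent else float("inf")
        if got >= min_bytes and ratio >= min_ratio:
            result[host] = {"inbound_bytes": got, "outbound_bytes": sent, "ratio": ratio}
    return result


if __name__ == "__main__":
    flows = parse_flows(FLOW_LINES)
    print("SYN flood candidates:", detect_syn_flood(flows))
    print("DNS amplification candidates:", detect_dns_amplification(flows))
```

On this data 192.0.2.5 is flagged (13 of 15 TCP segments are bare SYNs, from 13 distinct sources) and 192.0.2.7 is flagged (12,000 bytes of DNS responses against zero bytes of queries), while 192.0.2.9, which sent a real query and got one modest answer, stays clean. Thresholds like these need tuning against a baseline of normal traffic; the point is that both attack methods leave an asymmetry in flow records that a defender can count.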
  13. Shepherd Shenjere says

    February 14, 2023 at 10:31 am

    GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact

    The vulnerability, tracked as CVE-2023-0669, was disclosed by GoAnywhere developer Fortra on February 1, after the company became aware of in-the-wild exploitation. Mitigations and indicators of compromise (IoCs) were released immediately, but a patch was only made available a week later. Community Health Systems (CHS), one of the largest healthcare services providers in the United States, revealed that a “security breach experienced by Fortra” resulted in the exposure of personal and protected health information (PHI) belonging to patients of CHS affiliates. The organization is conducting an investigation, but it currently estimates that roughly one million individuals may have been impacted by the incident. CHS said the breach does not appear to have had any impact on its own information systems and business operations, including the delivery of patient care.

    Cybersecurity firm Huntress reported last week that it had investigated an attack apparently exploiting CVE-2023-0669 and managed to link it to a Russian-speaking threat actor named Silence. This group has also been tied to TA505, a threat group known for distributing the Cl0p ransomware.

    https://www.securityweek.com/goanywhere-zero-day-attack-victims-start-disclosing-significant-impact/

  14. Shadrack Owusu says

    February 14, 2023 at 10:37 am

    The world’s leading forum for debating international security policy, known as the Munich Security Conference (MSC), assembles more than 450 senior decision-makers to debate pressing issues of international security policy. The 59th Munich Security Conference (MSC) will take place from February 17 to 19, 2023, at the Hotel Bayerischer Hof in Munich, Germany.
    A major concern for stakeholders and participants is Huawei 5G technology and related security risks. The article mentions Huawei is considered a “high-risk vendor” in certain strategic geographic areas in Europe.
    Maximilian Funke-Kaiser, a liberal member of the German Bundestag and digital policy speaker for the government party Free Democratic Party (FDP) claims “The use of Huawei technology in the mobile network runs counter to Germany’s security policy goals,” and calls it “a mistake in view of the Chinese company’s closeness to the state.”
    A lot of complexities and uncertainties surround this meeting and I am anticipating seeing the outcome.

    https://www.politico.eu/article/munich-security-conference-huawei-mast-5g-germany/


Fox School of Business
