Miray Bolukbasi says
Article: Overcoming the 3 Biggest Challenges in System Hardening
Link: https://www.infosecurity-magazine.com/blogs/biggest-challenges-system-hardening/
As we discuss host and specifically server hardening this week, I thought this article would be interesting for thinking about some of the challenges that arise during the hardening process. The author, Pollack, explains that system hardening is changing the system’s default configurations (function-oriented) to make sure they are capable of protecting the system (security-oriented). System hardening is crucial for firms because the threat environment becomes more and more challenging, and establishing secure configurations will help protect against different attack techniques. Also, most organizations have regulations that require implementing a robust hardening policy.
So, now that we are aware of the importance of hardening and its three stages (policies, impact analysis, monitoring), it’s time to look at some of the challenges.
1. Generating an Impact Analysis Report
2. Policy Implementation and Change Management
3. Remaining Compliant
Every challenge listed above offers automated and non-automated solution approaches, and I will mention those in class.
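The third challenge in the list, remaining compliant, is in practice a drift problem: a host that was hardened last quarter quietly stops matching the baseline. The script below is an added example written for this page, not code from the article or its author. It checks an sshd_config against a small baseline, treats an absent directive as its OpenSSH default rather than ignoring it, and reads a change-management record of approved exceptions so that documented deviations show up as "accepted" while undocumented or expired ones show up as drift. The sample config, the baseline values, and the exception-record format are all constructed for the example.

```python
"""Drift check of an sshd_config against a hardening baseline.
Illustrative code written for this page, not from the article."""
import datetime
import re

# Constructed sample config (not from a real host): someone re-enabled
# password logins for a vendor and raised MaxAuthTries.
SAMPLE_SSHD_CONFIG = """\
# Managed by configuration management
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries 6
# ClientAliveInterval 300
"""

# Baseline chosen for this example (CIS-style values): a tuple of allowed
# values, or a predicate for numeric bounds.
BASELINE = {
    "PermitRootLogin": ("no",),
    "PasswordAuthentication": ("no",),
    "X11Forwarding": ("no",),
    "MaxAuthTries": lambda v: v.isdigit() and int(v) <= 4,
    "ClientAliveInterval": lambda v: v.isdigit() and 0 < int(v) <= 300,
}

# What sshd uses when the directive is absent; an absent directive is
# still drift if the default is not the baseline value.
DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "6",
    "ClientAliveInterval": "0",
}

# Change-management record (assumed format): approved deviations with a
# reason and an expiry date, so they cannot silently persist.
EXCEPTIONS = {
    "PasswordAuthentication": {"reason": "vendor access, change CHG-1234",
                               "expires": "2022-03-31"},
}

_KNOWN = {name.lower(): name for name in BASELINE}


def parse_sshd_config(text):
    """Map directive -> value, keeping the FIRST occurrence of each
    directive, because that is the one sshd applies."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in _KNOWN and _KNOWN[key] not in found:
            found[_KNOWN[key]] = value
    return found


def check_baseline(config, baseline=BASELINE, exceptions=EXCEPTIONS, today=None):
    """Compare effective values (explicit or default) with the baseline.
    Each finding is tagged 'drift', 'accepted' (documented, unexpired
    exception) or 'exception-expired'."""
    today = today or datetime.date.today().isoformat()
    findings = []
    for directive, expected in baseline.items():
        value = config.get(directive, DEFAULTS[directive])
        ok = expected(value) if callable(expected) else value in expected
        if ok:
            continue
        exc = exceptions.get(directive)
        if exc is None:
            status = "drift"
        elif exc["expires"] >= today:          # ISO dates compare as strings
            status = "accepted"
        else:
            status = "exception-expired"
        findings.append({"directive": directive, "value": value,
                         "explicit": directive in config, "status": status,
                         "reason": exc["reason"] if exc else None})
    return findings


if __name__ == "__main__":
    for f in check_baseline(parse_sshd_config(SAMPLE_SSHD_CONFIG)):
        origin = "set" if f["explicit"] else "default"
        print(f"{f['status']:17} {f['directive']}={f['value']} ({origin})"
              + (f"  reason: {f['reason']}" if f["reason"] else ""))
```

Two details matter for a check like this: sshd honours the first occurrence of a directive, so a hardened line appended at the bottom of the file does nothing if an earlier line already set it; and the exception record needs an expiry, otherwise "temporary" deviations become permanent without anyone deciding so.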
Matthew Bryan says
Article: SEC proposes mandatory breach reporting for publicly traded companies
Author: Chris Riotta,
Published: 3-9-22
Link: https://fcw.com/security/2022/03/sec-proposes-mandatory-breach-reporting-publicly-traded-companies/362975/
I thought this article was timely given last week’s discussion of the Equifax breach. I believe that regulation will increase in efforts to curb the increase in cyber attacks.
The SEC is proposing new rules for publicly traded companies to disclose breaches within four days of their being identified. In addition, companies would need to disclose details about how the company manages cyber risk. The proposed rules would require companies to “provide more comprehensive and standardized disclosures of their cybersecurity strategies, governance and risk management…including to what extent they prioritize cybersecurity in their financial and business planning.” In addition, the proposal calls for standards in incident reporting, requiring companies to disclose using machine-readable xRBL. xRBL is a framework for exchanging business information.
The proposal is the result of bipartisan lawmakers requesting expanded cybersecurity incident reporting requirements. SEC chair Gary Gensler stated that the changes should help to “provide investors with enhanced disclosures around cybersecurity incidents, along with critical information about a registrant’s cybersecurity risk management.”
Oluwaseun Soyomokun says
IT Leaders: Pay Attention To These 8 Security Megatrends In 2022
These aren’t just transient issues to be ignored once 2023 rolls around—they guide the development of cloud security and technology, and will continue to do so for the foreseeable future.
We are often asked if the cloud is more secure than on-premises infrastructure. The quick answer is that, in general, it is. The more complete answer is more nuanced.
Google speaks with confidence about its approach to prioritizing security by design and having highly capable security engineers. Additionally, we also take advantage of industry “megatrends” that increase cloud security further, outpacing the security of on-prem infrastructure.
8 Industry megatrends that increase cloud security further
Economy of scale
Shared fate
Healthy competition
Cloud as the digital immune system
Software-defined infrastructure
Increasing deployment velocity
Simplicity
Sovereignty meets sustainability
https://www.forbes.com/sites/googlecloud/2022/01/11/it-leaders-pay-attention-to-these-8-security-megatrends-in-2022/?sh=66f431f7381c
Mohammed Syed says
https://thehackernews.com/2022/03/russian-pushing-its-new-state-run-tls.html
Russia has created its own TLS certificate authority to bypass sanctions and solve the website access issues that have been piling up after sanctions prevented certificate renewals by the rest of the world. Sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates. The domestic authority in the Russian state has come up with a solution by using a domestic certificate authority for independent issuing and renewal of TLS certificates. However, so far the new certificate authority (CA) is trusted by only a few web browsers. Currently, the only web browsers that recognize Russia’s new CA as trustworthy are the Russian-based Yandex browser and Atom products. Users of other browsers like Chrome or Firefox can manually add the new Russian root certificate to continue using Russian sites that feature the state-issued certificates.
Hang Nu Song Nguyen says
https://thenewstack.io/kubernetes-is-a-high-value-cyberwar-target/
“Kubernetes Is a High-Value Cyberwar Target” talks about how Kubernetes could be affected by a modern military conflict. The author showed that Computer Network Attack (CNA) is the most closely related to military activity, as it involves disrupting, denying, degrading or destroying. Kubernetes (K8s) is a cluster and container management tool to deploy containers to clusters, and it works with different containers. In fact, the K8s system automates the deployment and management of cloud native applications using on-premises infrastructure or public cloud platforms. Because K8s allows an organization to scale their workloads very easily, K8s is adopted broadly. The benefit is also a critical weakness when thinking about how a hacker may attempt to disrupt an organization’s operations. The author discusses his 2-step process to attack K8s. He mentioned a recent Linux kernel vulnerability (CVE-2022-0185), an uncommon container escape.
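A container escape like the one the comment above mentions is far easier to reach when the pod itself hands the attacker node-level access. The script below is an added example written for this page, not code from the article, its author, or the Kubernetes project. It walks a pod manifest (parsed into a dict, so no YAML library is needed) and reports the settings that widen the escape surface: host namespaces, hostPath mounts, privileged mode, added capabilities, missing runAsNonRoot and allowPrivilegeEscalation: false, and the absence of a seccomp profile. The checks are illustrative and only loosely track the Pod Security Standards; the sample pod, its names and the severity ratings are constructed for the example, and nothing here is specific to CVE-2022-0185, which the page does not detail.

```python
"""Audit a pod spec for settings that widen a container's escape surface.
Example written for this page; checks are illustrative, not an official
Pod Security Standards implementation."""

DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
                  "DAC_READ_SEARCH", "SYS_RAWIO"}
SENSITIVE_HOST_PATHS = ("/etc", "/var/lib/kubelet", "/var/run", "/run",
                        "/proc", "/dev")
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed pod (not from any real cluster): a "debug" pod deployed with
# node-level access, next to a sidecar that follows the restricted profile.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "debug-tools", "namespace": "default"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [
            {
                "name": "tools",
                "image": "example/debug:latest",
                "securityContext": {
                    "privileged": True,
                    "capabilities": {"add": ["SYS_ADMIN", "NET_RAW"]},
                },
                "volumeMounts": [{"name": "root", "mountPath": "/host"}],
            },
            {
                "name": "sidecar",
                "image": "example/sidecar:1.0",
                "securityContext": {
                    "runAsNonRoot": True,
                    "allowPrivilegeEscalation": False,
                    "capabilities": {"drop": ["ALL"]},
                    "seccompProfile": {"type": "RuntimeDefault"},
                },
            },
        ],
    },
}


def audit_pod(pod):
    """Return (scope, severity, message) findings for a pod manifest dict."""
    findings = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    pod_sc = spec.get("securityContext", {})

    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append((name, "high", f"{flag} is true (shares the node's namespace)"))

    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            path = vol["hostPath"].get("path", "")
            sensitive = path == "/" or path.startswith(SENSITIVE_HOST_PATHS)
            findings.append((f"{name}/volume:{vol['name']}",
                             "high" if sensitive else "medium",
                             f"hostPath {path} mounted from the node"))

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        scope = f"{name}/{c['name']}"
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append((scope, "critical",
                             "privileged: true (all capabilities, host devices, no seccomp)"))
        added = set(sc.get("capabilities", {}).get("add", []))
        for cap in sorted(added & DANGEROUS_CAPS):
            findings.append((scope, "high", f"capability {cap} added"))
        if sc.get("allowPrivilegeEscalation", True) is not False:
            findings.append((scope, "medium", "allowPrivilegeEscalation not set to false"))
        # container-level setting overrides the pod-level one
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((scope, "medium", "runAsNonRoot not true (may run as uid 0)"))
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {})).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            findings.append((scope, "medium", "no seccomp profile (every syscall reachable)"))
    return findings


def max_severity(findings):
    return max((f[1] for f in findings), key=SEVERITY_RANK.get, default="none")


if __name__ == "__main__":
    results = audit_pod(SAMPLE_POD)
    for scope, severity, message in results:
        print(f"[{severity:8}] {scope}: {message}")
    print("worst:", max_severity(results))
```

The same checks belong in an admission controller, not only in a script run after the fact; the script form is useful for auditing manifests already checked into a repository.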
Corey Arana says
South Denver Cardiology Associates has been hit with a data breach that has exposed 287,000 patients’ medical information. An unknown attacker was inside their database for 3 days before being detected. The attack has confirmed access to patients’ PII, including SS numbers, names, DOB, health insurance info, diagnoses and different types of services received. SDCA has stated that, at this time, no patient information has been misused.
https://portswigger.net/daily-swig/data-breach-at-us-heart-disease-treatment-center-impacts-287-000-individuals
Elizabeth Gutierrez says
Article: Interpol: Policing model needs to change with cybercrime
Link: https://www.theregister.com/2022/02/17/interpol_cybercrime/
Interpol thinks the policing model needs to change with cybercrime as criminals upgrade their working model. The global pandemic has digitized the world, and law enforcement needs to upgrade itself to keep ahead of the cybercriminals. According to Craig Jones, Interpol cybercrime director, as criminals have evolved in our digital space, law enforcement is required to move away from traditional methods in order to tackle these ecosystems. Otherwise, cyber criminals will freely operate in a borderless environment attacking our day-to-day infrastructure. He suggests the way forward for law enforcement would be to share data with other agencies outside their jurisdictions. Lastly, he added, “Geopolitical elements also impact our actions as well – the offensive efficiency of law enforcement to be able to take coordinated actions to prevent, detect, investigate and disrupt the cyber threat actors.”
Amelia Safirstein says
While the importance of strong passwords and secure password management is known and recognized in many organizations, there are still a large number of businesses today that store passwords in plaintext on files that are not even password protected. Many organizations struggle with password and identity management. One common issue that is faced in password management is the number of passwords needed in the workplace. SSO solutions combat this issue but 45% of organizations have implemented password management systems, leaving employees in a position to re-use passwords or use similar passwords.
https://mytechdecisions.com/network-security/password-security-lastpass/
Yangyuan Lin says
Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021
Intel 471 states that 34 different ransomware variants were found in 722 ransomware attacks in the fourth quarter of 2021. LockBit 2.0, Conti, PYSA, Hive, and Grief emerged as the most prevalent strains, and LockBit 2.0 usage accounted for 29.7% of all reported incidents. The United States, Italy, Germany, France, and Canada are the main countries attacked by LockBit 2.0.
Consumer and industrial products accounted for 23.7% of all attacks, followed by manufacturing at 15.9% and then professional services and consulting at 15.4%. Compared to the third quarter, the consumer and industrial products sector rose by 22.2%.
Link: https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html
Jason Burwell says
“Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords”
French video game company Ubisoft on Friday confirmed it was a victim of a “cyber security incident,” causing temporary disruptions to its games, systems, and services.
The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure.
https://thehackernews.com/2022/03/gaming-company-ubisoft-confirms-it-was.html
Bryan Garrahan says
https://www.itpro.co.uk/security/cyber-security/365553/password-complexity-rules-arent-enough-to-protect-employees-from
This article mentions how password length and complexity rules are not enough to prevent brute force attacks. From a population of 800 million breached passwords the article found, “93% of the passwords used in brute force attacks were eight characters or more in length, while 41% were 12 characters or more… Password complexity rules don’t always help either; 68% of passwords used in real attacks used at least two character types”. In addition to complexity and length requirements, the article also reveals that lack of an account reactivation verification process as well as password reuse, sharing, and user management are common threats that lead to brute force attacks. In order for a user to generate a complex password the article recommends using root words based on their common interests such as seasons, months, movies, and sports teams.
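Two of the comments above make the same point from different sides: storing passwords in plaintext (Amelia Safirstein's article) and relying on length and complexity rules that brute-force attackers already satisfy (this one). The script below is an added example written for this page, not code from either article or their authors. It rejects a candidate password if it is built from a common root word or appears in a breached-password corpus, using the k-anonymity lookup shape in which only a 5-character SHA-1 prefix leaves the client, and it stores accepted passwords as a salted scrypt hash rather than plaintext. The breached corpus, the root-word list and the 12-character minimum are constructed stand-ins chosen for the example; a real deployment would query the full Pwned Passwords dataset.

```python
"""Password acceptance and storage checks. Example written for this page;
the breached corpus and root-word list are constructed stand-ins."""
import hashlib
import hmac
import os
import re

# Constructed stand-in for a breached-password corpus. Every entry here
# satisfies the usual "8+ chars, two character classes" rule.
_BREACHED_PLAINTEXTS = ["Summer2021!", "Password123", "Welcome1!",
                        "Winter2022", "qwerty123456", "Spring2020#"]
_BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                  for p in _BREACHED_PLAINTEXTS}


def sha1_range(prefix):
    """Stand-in for a k-anonymity range query (the Pwned Passwords API
    shape): the client sends only the first 5 hex chars of the SHA-1 and
    gets back every matching suffix, then compares locally."""
    return {h[5:] for h in _BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password):
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in sha1_range(digest[:5])


# Root words that wordlists try first (list chosen for this example).
ROOT_WORDS = ("spring", "summer", "autumn", "fall", "winter", "january",
              "february", "march", "april", "june", "july", "august",
              "september", "october", "november", "december", "password",
              "welcome", "qwerty", "admin")


def looks_like_root_word(password):
    """Catch 'RootWord + year/symbols' constructions such as Winter2022!!
    that pass length and complexity rules."""
    core = re.sub(r"[^a-z]", "", password.lower())
    return any(core == w or (core.startswith(w) and len(core) - len(w) <= 2)
               for w in ROOT_WORDS)


def validate_password(password):
    """Return the reasons a password is rejected; empty list means accepted."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    if looks_like_root_word(password):
        reasons.append("built from a common root word")
    if is_breached(password):
        reasons.append("appears in a breached-password corpus")
    return reasons


_SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password, salt=None):
    """Store salt + scrypt output, never the password or a fast unsalted hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **_SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **_SCRYPT)
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time compare


if __name__ == "__main__":
    for candidate in ("Summer2021!", "Winter2022!!", "correct horse battery staple"):
        print(f"{candidate!r}: {validate_password(candidate) or 'accepted'}")
    record = hash_password("correct horse battery staple")
    print(record, verify_password("correct horse battery staple", record))
```

Note that "Winter2022!!" is twelve characters with three character classes and still gets rejected; that is the gap complexity rules leave open.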
Ryan Trapp says
Nominet suspends ‘single digit’ number of Russian dot-UK domain registrars
Nominet is a UK domain registrar that has announced it will be suspending services for Russian web domain registrars. This suspension will make it so that these registrars will not be able to manage or renew any .uk domains that they own. There is a reported “single-digit” number of active Russian registrars in Nominet. Some hold the opinion that these sanctions will not have much impact, as the Russian registrars can simply register domains via a reseller.
https://www.theregister.com/2022/03/15/nominet_suspends_russian_registrars/
Michael Galdo says
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
The Israeli government was the victim of a DDoS attack on Monday. The entry point of the attack was a telecommunications provider, and this attack took down several government sites. This led Israel to declare a state of emergency due to this being the largest cyberattack Israel has ever faced. Some of the sites taken down included the Israeli departments of interior, health, justice, welfare and the Prime Minister’s office. Cybersecurity experts within the country believe that only a nation-state backed threat actor could have pulled off this large-scale attack. It is rumored that Iran is behind the attack as retaliation for Israel’s attempt to breach Iran’s nuclear infrastructure.
https://threatpost.com/cyberattacks-israeli-government-sites-largest/178927/
Joshua Moses says
The article I chose for this week entails today’s most common yet detrimental cyber attacks. The article starts off by stating that falling victim to these threats isn’t necessarily the company’s / victim’s fault. Nevertheless, the company / victim could always do more to beef up their security. The article briefly mentions notable recent events such as the Colonial Pipeline ransomware attack, “data intrusions involving firms like Asiaciti Trust and Il Shin”, and even daily security breaches that ultimately lead to identity theft. The article concludes by acknowledging that managing cyber risks is a team effort. Moreover, scouting and adding new talent / personnel can be beneficial to an organization’s security goals.
Here are the 5 most common risks that the article outlines for us (but with critical details):
– Targeted spearphishing campaigns (email and social media threats)
– Ransomware attacks
– Insider threats (data theft with permission)
– Distributed Denial of Service Attacks (DDoS)
– Zero-day exploits
https://augustafreepress.com/surveying-the-cyber-threat-landscape-5-risks-for-your-company-today/
Michael Duffy says
I thought this was an interesting article as it pertains to data poisoning against Artificial Intelligence. Usually when searching AI it is often that you hear how AI can be used as a weapon against humanity. However, I had a thought that I wanted to search for – what if humanity attacked the AI and manipulated the data in order to re-appropriate its purpose for something else? This article discusses just that, where “hackers” would use inputs such as replacing the 85 mph sign with a 35 mph sticker, and the AI would automatically slow down the car as it was reading the input based on the instructions on speed limit signs. Essentially, if you feed the AI false data you are “poisoning” its input and can cause unwanted behavior. In fact, although this is more of a controversial topic, this has already happened to multiple social media accounts in the past. For example, there was an AI that Microsoft released on Twitter to learn from the social media platform. Almost immediately the AI was corrupted by the internet in efforts to corrupt it into saying heinous material as a form of “trolling”.
The moral here is that if AI is going to progress safely, there has to be input validation and protections towards the data if computer scientists want to facilitate a specific purpose. This draws back to the CIA security objectives that we talk about in class. Protecting the integrity of this information is vital for AI to operate.
https://www.afcea.org/content/hacking-poses-risks-artificial-intelligence
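The Microsoft Twitter bot in the comment above is the training-time case: attackers feed labelled examples into the data the model learns from. The toy below is an added example written for this page, not code from the article or its author; the coordinates, the labels A and B, the k=3 nearest-neighbour classifier and the sizes of the sets are all constructed for illustration. It shows three injected examples with flipped labels changing the prediction for a nearby query, and then the integrity control the comment calls for: a gate that validates each incoming example against a small human-verified set before it is allowed into the training data.

```python
"""Training-data poisoning against a k-NN classifier, with a trusted-set
gate on incoming examples. Example written for this page; all points,
labels and the classifier are constructed for illustration."""
from collections import Counter

# Two well-separated classes. Think of A and B as any pair of labels a
# model is meant to tell apart.
TRUSTED = [((0, 0), "A"), ((1, 1), "A"), ((0, 1), "A"),
           ((4, 4), "B"), ((5, 5), "B"), ((4, 5), "B")]   # human-verified seed set
CLEAN_STREAM = [((1, 0), "A"), ((0.5, 0.5), "A"), ((0.2, 0.8), "A"),
                ((5, 4), "B"), ((4.5, 4.5), "B"), ((4.2, 5), "B")]   # honest contributors
# The attacker controls labels as well as inputs: class-B points mislabelled
# A, placed around the region where the victim query will land.
POISON = [((4.1, 4.2), "A"), ((4.3, 4.4), "A"), ((4.2, 4.1), "A")]


def _dist2(p, q):
    return (p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2


def knn_predict(train, point, k=3):
    """Majority label among the k nearest training points
    (ties go to the alphabetically first label)."""
    nearest = sorted(train, key=lambda ex: _dist2(ex[0], point))[:k]
    votes = Counter(label for _, label in nearest)
    return max(sorted(votes), key=votes.get)


def sanitize(stream, trusted, k=3):
    """Accept an incoming example only if a model built from the trusted set
    agrees with its label. Poisoned points disagree by construction; the cost
    is that genuinely novel data is also held back until a human reviews it."""
    accepted, rejected = [], []
    for example in stream:
        point, label = example
        bucket = accepted if knn_predict(trusted, point, k) == label else rejected
        bucket.append(example)
    return accepted, rejected


def run_demo(query=(4.2, 4.3)):
    naive_train = TRUSTED + CLEAN_STREAM + POISON          # ingest everything
    accepted, rejected = sanitize(CLEAN_STREAM + POISON, TRUSTED)
    gated_train = TRUSTED + accepted
    return {
        "trusted_only": knn_predict(TRUSTED, query),
        "naive": knn_predict(naive_train, query),
        "gated": knn_predict(gated_train, query),
        "accepted": accepted,
        "rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

With k=3 the attacker needs only two agreeing neighbours to own a query, which is why three well-placed points are enough; the gate works because the trusted set, small as it is, already covers the region the attacker targets. Data the trusted set does not cover is the weak spot, and the rejected bucket should go to a human rather than being dropped silently.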
Alexander William Knoll says
SentinelOne pays $617m for identity biz Attivo Networks
Author – Jessica Handcastle
3/15/22
The article I read this week discusses a major purchase in the realm of cybersecurity that took place recently. The firm SentinelOne purchased the identity security vendor Attivo Networks for $616.5 million. The firm believes that the acquisition will increase its market in the realm of identity threat detection & response in their XDR tech by roughly $4 billion, calling the acquisition the missing link. XDR works by collecting & analyzing logs in response to potential threats, & the aim is to centralize security data & incident response. SentinelOne is one of several companies that have been moving into the realm of XDR recently, along with CrowdStrike & McAfee, and it isn’t their first purchase in XDR, either, as they acquired the data analytics platform Scalyr last year. The reason for this is because larger cybersecurity firms want to obtain “zero-trust enabling technologies” to integrate into their platforms. Attivo believes that combining their technology with SentinelOne’s XDR will bring real-time identity threat detection/response to the front lines of cyber defense.
https://www.theregister.com/2022/03/15/sentinelone_attivo_617m/
Ornella Rhyne says
I found this article interesting because it’s related to encryption, and it’s just insane how hackers work to steal people’s sensitive information and maybe sell it or use it for their own benefit. This article is about hackers who have stolen thousands of secret keys due to leaked Samsung source code. A group of cybercriminals called Lapsus claim to have stolen 190 GB of data, and the tech giant has confirmed that the compromised information included source code related to Galaxy devices. Source code belonging to the victims (some of the victims) was made public, and that’s how cybercriminals were able to steal the keys and exploit the system.
https://www.securityweek.com/thousands-secret-keys-found-leaked-samsung-source-code?&web_view=true
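Keys found in leaked source were keys that had been committed to source in the first place, so the defensive counterpart is a scanner that runs before a commit lands. The script below is an added example written for this page, not code from the article, its author, Samsung, or any scanning product. It combines three detectors over a constructed Java-like file: a format pattern for AWS access key IDs, a PEM private-key header, and assignments whose identifier name suggests a secret; a Shannon-entropy check on long whitespace-free literals is used as a last resort because entropy alone also fires on ordinary prose. The sample source, the identifier names and the thresholds are all constructed (the AKIA value is the placeholder AWS uses in its own documentation), and findings carry a redacted preview so the scanner never echoes a full secret into CI output.

```python
"""Pre-commit style scanner for key material embedded in source.
Example written for this page; patterns and sample source are constructed."""
import math
import re
from collections import Counter

# Constructed Java-like source (not Samsung's code or anyone else's).
# AKIAIOSFODNN7EXAMPLE is the placeholder access key ID used in AWS docs.
SAMPLE_SOURCE = r'''package com.example.ota;

public final class UpdateClient {
    // TODO move to keystore
    private static final String API_KEY = "sk_live_9f8e7d6c5b4a39281706f5e4d3c2b1a0";
    private static final String REGION = "us-east-1";
    private static final String AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE";
    private static final String GREETING = "hello world, this is not a secret";
    private static final String PRIVATE_KEY =
        "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...";
    private static final String BLOB = "3b7f9c1e5a2d8f4b6c0e9a1d2f3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b";
}
'''

AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# identifier = "value", with any number of modifier/type tokens before the name
ASSIGN_RE = re.compile(r'^\s*(?:[\w<>\[\],]+\s+)*([A-Za-z_]\w*)\s*=\s*"([^"]*)"')
# quoted literals with no whitespace and at least 32 chars: entropy candidates
LITERAL_RE = re.compile(r'"([^"\s]{32,})"')
NAME_HINTS = ("api_key", "apikey", "secret", "token", "password",
              "private_key", "signing_key", "access_key")
ENTROPY_THRESHOLD = 3.5   # bits/char; random hex is close to 4.0


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _preview(value):
    """Never echo the full secret into a log or CI output."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_source(text):
    """Return findings as dicts: line number, detector kind, redacted preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = []
        for m in AWS_KEY_RE.finditer(line):
            hits.append(("aws_access_key_id", m.group(0)))
        pem = PEM_RE.search(line)
        if pem:
            hits.append(("pem_private_key", pem.group(0)))
        m = ASSIGN_RE.match(line)
        if m:
            name, value = m.groups()
            if len(value) >= 8 and any(h in name.lower() for h in NAME_HINTS):
                hits.append(("suspicious_assignment", value))
        if not hits:   # entropy is noisy, so only use it when nothing else matched
            for value in LITERAL_RE.findall(line):
                if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                    hits.append(("high_entropy_literal", value))
        for kind, value in hits:
            findings.append({"line": lineno, "kind": kind, "preview": _preview(value)})
    return findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']:3}  {f['kind']:22}  {f['preview']}")
```

The PRIVATE_KEY assignment in the sample is split across two lines, so the name-based detector misses it and only the PEM header on the following line catches it; a line-oriented scanner needs more than one detector for exactly that reason. Scanning the working tree is not enough either: a key that was committed and later removed is still in the repository history, so the same scan has to run over past commits before a repository is shared.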