Article: Disaster Recovery as a service (DRaaS) Global Market Report 2022
Author: Report Linker
Published: Tue, March 22, 2022
Link: https://finance.yahoo.com/news/disaster-recovery-draas-global-market-172000497.html
Disaster Recovery as a Service (DRaaS) is a cloud based subscription service that protects applications and data from disruption due to disaster. This helps to maintain business continuity during disasters and other disruptions to service. The global DRaaS market is expected to grow from $5.79 billion in 2021 to $8.08 billion in 2022.
Key features of DRaaS solutions include backup and recovery, real-time replication, and data-protection. These are typically deployed in a premise-to-cloud and cloud-to-cloud models using public, private, and hybrid cloud approaches.
The growth in DRaaS is due to the rampant growth in data production. Unplanned downtime creates huge financial losses for companies dependent on this data. DRaaS helps provide companies with insurance against unplanned downtime due to disasters and cyber attacks. Some companies are hesitant to adopt DRaaS technology due to concerns around data breaches at the providers. This is a constraint on the market’s growth.
https://www.csoonline.com/article/3655932/remote-code-execution-flaws-in-spring-and-spring-cloud-frameworks-put-java-apps-at-risk.html
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk.
Spring Cloud is a framework for developing cloud applications for a distributed system. It provides subcomponents for integration with specific public clouds, for example Azure, AWS, and Alibaba.
Spring is the most famous open-source framework for developing Java applications. The weakness, which has since been dubbed Spring Shell or Spring4Shell, came to light when a Chinese developer released a proof-of-concept exploit on GitHub and then removed it. There was also some early confusion between this vulnerability and a different one patched in Spring Cloud.
They confirmed this new vulnerability in the Spring Framework itself and released versions 5.3.18 and 5.2.220 to address it.
US Passes “game-changing” Cyber Incident Reporting Legislation
Article link: https://www.infosecurity-magazine.com/news/us-cyber-incident-reporting/
New legislation link: https://www.cisa.gov/critical-infrastructure-sectors
This passage of cyber incident reporting legislation was quite a surprise for me, as I would have assumed it was always required to inform CISA of incidents. However, this article digs deep into the requirements and reporting schedule, as it will soon become mandatory for critical infrastructure companies in specific sectors. To apply the law accurately, CISA also reported 16 US critical infrastructure sectors, including communications, manufacturing, defense industrial, emergency services, commercial facilities, chemical, and many more.
The purpose of the law mentioned is to deter organizations from making ransomware payments, provide more intelligence into cyberattack and threat actor plans, to assist in information sharing between federal agencies, to ensure a standardized approach to dealing with critical infrastructure cyber attacks.
As listed on CISA’s website, https://www.cisa.gov/critical-infrastructure-sectors, the reporting must include (1) relevant vulnerabilities, (2) efforts taken to mitigate the attack, (3) categories of data believed to have been accessed or acquired by an authorized person and any actor reasonably believed to be responsible for the inside, and (4) supplementing the organization’s information as new or different information becomes available.
https://www.unodc.org/e4j/en/cybercrime/module-3/key-issues/the-role-of-cybercrime-law.html
This reading discussed the legal framework and human rights related to cybercrime. At first, the reading introduced the role of cybercrime law: why we needed to set up this law and other laws related to it, such as substantive, procedural, and preventive law. The reading also had a section, “harmonization of laws”, to give a deep understanding of these laws and how they relate. The reading introduced international and regional treaties on cybercrime. The reading also looked at the relation between international human rights and cybercrime law. In short, this reading can help explain how laws relating to cybercrime are implemented, and how to know that laws placing restrictions on Internet access are not abused and are in accordance with human rights and the rule of law.
Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles
The University of Oxford and Armasuisse S+T have discovered that a method dubbed “Brokenwire” interferes with the control communications that take place between the vehicle and the charger. Here are the details of a new attack technique against the popular Combined Charging System (CCS) that can disrupt the ability of electric vehicles to charge from a distance of up to 47m (151ft). Brokenwire causes the charging process to stop unexpectedly by transmitting malicious electromagnetic signals. Attacks can use various combinations of off-the-shelf components, such as software-defined radios, power amplifiers, and dipole antennas.
Brokenwire could have a direct impact on the 12 million battery-electric vehicles on the world’s roads, as well as a profound impact on a new wave of fleet electrification for private businesses and key public services. Also, not only would this be an inconvenience to individuals, interruptions to the charging of critical vehicles such as electric ambulances could be life-threatening.
Link: https://thehackernews.com/2022/04/brokenwire-hack-could-let-remote.html
Network cavity blamed for data breach at Japanese candy maker Morinaga
Japanese confectionary manufacturer Morinaga has warned that a suspected data breach of its online store may have exposed the personal information of more than 1.6 million customers.
Potentially exposed information includes the names, addresses, telephone numbers, dates of birth, purchase histories, and, in fewer than 4,000 instances, email addresses of affected Morinaga Direct customers.
The firm fears that attackers accessed several servers managed by the vendor after exploiting vulnerabilities in its network.
The firm – which apologized to its customers, business partners, and other stakeholders – stated that the exposed information excluded credit card information.
https://portswigger.net/daily-swig/network-cavity-blamed-for-data-breach-at-japanese-candy-maker-morinaga
Title: Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”
Source: https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
In a disturbing new trend, cybercriminals have been found to be sending fake “emergency data requests” (EDRs) to steal sensitive customer data from internet service providers, phone companies and social media firms. The method involves cybercriminals compromising legitimate law enforcement email accounts. With that access, they then send unauthorized requests for subscriber data while claiming that the requested information relates to an urgent matter of life and death that cannot wait for a court order. Apple, Meta, and Discord are examples of companies who have fallen victim to this fraud as they do not have specific tools to verify requests from law enforcement. When this issue was originally brought to light in late 2021, it prompted the introduction of legislation to combat counterfeit EDRs by requiring federal, state and tribal courts to use digital signatures for orders authorizing surveillance, domain seizures and the removal of online content.
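The verification gap this post describes (providers having no way to check that a request really came from a court, so a compromised law-enforcement mailbox is enough) is exactly what signed orders would close. The following is an added example, not code from the original post or from any provider, court or agency named in it: a Go program in which a provider keeps an out-of-band registry of court public keys and accepts an emergency data request only if the named court is known, the court's Ed25519 signature verifies over the request body, and the request is recent. The request fields, the canonical layout, the court name, the subscriber addresses and the registry are all constructed for the example; the court-side signing step is included only so that it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// EDR is a minimal emergency data request as a provider might receive it.
// Field names and the canonical layout are assumptions made for this example.
type EDR struct {
	IssuingCourt string    // court the request claims to come from
	CaseID       string    // case reference cited by the request
	Subscriber   string    // account whose data is requested
	IssuedAt     time.Time // when the court issued the order
	Signature    []byte    // Ed25519 signature over canonical()
}

// canonical returns the bytes that are signed: every field except the signature,
// in a fixed order, so that editing any field after signing breaks the signature.
func (r EDR) canonical() []byte {
	return []byte(strings.Join([]string{
		"court=" + r.IssuingCourt,
		"case=" + r.CaseID,
		"subscriber=" + r.Subscriber,
		"issued=" + r.IssuedAt.UTC().Format(time.RFC3339),
	}, "\n"))
}

// Registry maps an issuing court to its trusted public key. Keys are provisioned
// out of band; nothing in the request or the sending e-mail account supplies them.
type Registry map[string]ed25519.PublicKey

var (
	ErrUnknownCourt = errors.New("issuing court not in trusted registry")
	ErrBadSignature = errors.New("signature does not verify over request body")
	ErrStale        = errors.New("request is outside the accepted time window")
)

// Verify accepts a request only if the named court is known, that court's key
// verifies the signature over the canonical body, and the request is recent.
func (reg Registry) Verify(r EDR, now time.Time, maxAge time.Duration) error {
	pub, ok := reg[r.IssuingCourt]
	if !ok {
		return ErrUnknownCourt
	}
	if !ed25519.Verify(pub, r.canonical(), r.Signature) {
		return ErrBadSignature
	}
	if r.IssuedAt.After(now) || now.Sub(r.IssuedAt) > maxAge {
		return ErrStale
	}
	return nil
}

// Sign is the court-side step; it is here only so the example runs offline.
func Sign(priv ed25519.PrivateKey, r EDR) EDR {
	r.Signature = ed25519.Sign(priv, r.canonical())
	return r
}

// Demo checks one legitimate request and three forgeries against a registry
// holding a single constructed court key. Results are returned in order:
// legitimate, tampered body, wrong key, unknown court.
func Demo() []error {
	courtPub, courtPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{"example-district-court": courtPub} // constructed registry
	now := time.Date(2022, 4, 1, 12, 0, 0, 0, time.UTC)
	const maxAge = 24 * time.Hour

	base := EDR{ // constructed sample request
		IssuingCourt: "example-district-court",
		CaseID:       "CASE-0001",
		Subscriber:   "user@example.com",
		IssuedAt:     now.Add(-time.Hour),
	}
	legit := Sign(courtPriv, base) // signed by the court, unchanged in transit

	tampered := legit // genuine signature reused after the subscriber was edited
	tampered.Subscriber = "victim@example.com"

	// Attacker controls a law-enforcement mailbox but not the court's signing key,
	// so they sign with their own key while naming the real court.
	wrongKey := Sign(attackerPriv, base)

	fake := base // attacker invents a court that is not in the registry
	fake.IssuingCourt = "nonexistent-court"
	unknown := Sign(attackerPriv, fake)

	return []error{
		reg.Verify(legit, now, maxAge),
		reg.Verify(tampered, now, maxAge),
		reg.Verify(wrongKey, now, maxAge),
		reg.Verify(unknown, now, maxAge),
	}
}

func main() {
	labels := []string{"legitimate", "tampered body", "wrong key", "unknown court"}
	for i, err := range Demo() {
		fmt.Printf("%-14s -> %v\n", labels[i], err)
	}
}
```

The point of the design is that the sender's e-mail address plays no part in the decision: only a signature from a key the provider already trusts, over the exact fields it is about to act on, gets a request past the check, and the time window limits replay of a genuinely signed order.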
“Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn”
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
A pair of recent vulnerabilities found in the automaker ecosystem might not seem like a real danger taken separately. But experts warn a lack of attention on cybersecurity could plague “smart” car and electric vehicle systems — and users — in years to come, as the use of automotive technology continues to explode.
https://threatpost.com/automaker-cybersecurity-lagging-tech-adoption/179204/
There are a number of changes affecting incident response in healthcare systems. Ransomware attacks have become more efficient. The number of days between gaining unauthorized access to the network and locking down systems has decreased significantly, making it extremely important for security teams to catch intruders before ransomware attacks take effect and to act swiftly if the system is hit with ransomware. Slow or unorganized responses can result in the loss of human life. Additionally, it is becoming more common for hospitals’ insurance companies to take incident response plans into consideration when calculating insurance premiums. This change has pushed upper-level management to consider incident response more seriously as incident response plans can have an immediate cost-benefit. Lastly, the increasingly frequent changes in healthcare make security architecture and documentation necessary in order for the healthcare system to stay organized. Adaptation of new services and systems can quickly become unorganized, cause confusion, and allow for unacceptable incident response times if documentation and formal plans are not put into place.
https://healthtechmagazine.net/article/2022/04/3-shifts-driving-need-improved-incident-response-healthcare
Mailchimp: Crook stole cryptocurrency clients’ mailing-list subscriber info
Staff at the company Mailchimp were socially engineered into giving a hacker access to someone’s internal system credentials. The hacker used these credentials to gain access to an internal tool, which in turn led to data from over 100 high-value customers being stolen. The customers all belonged to the cryptocurrency and finance industry. Mailchimp has begun an investigation into what happened and also hired a digital forensics expert for help. It was determined that some accounts’ API keys were accessed. Mailchimp has since disabled those keys and implemented protections so that they cannot be re-enabled.
https://www.theregister.com/2022/04/05/mailchimp_confirms_breach/
https://venturebeat.com/2022/03/25/okta-on-handling-of-lapsus-breach-we-made-a-mistake/
Okta, a prominent identity authentication and management vendor, has caught a lot of backlash for their involvement and subsequently their response to a January breach which impacted Sitel’s network, who was a third-party support provider. The attack was headed by the Lapsus group and according to reports Okta did not disclose information related to the breach for almost two months. Researchers believe Okta released a response in response to Lapsus$ posting screenshots on Telegram as evidence of the breach. Now, the company is finally admitting they made a mistake in their disclosure of the breach. The article notes, “The breach impacted support contractor Sitel, which gave the hacker group Lapsus$ the ability to access as many as 366 Okta customers, according to Okta”. While the company did mention their response was imperfect it’s interesting that they didn’t apologize for disclosing their awareness of the breach sooner.
Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized
by Jessica Lyons Hardcastle
4/25/22
US and German federal agents came down hard on Hydra, the longest-running known dark-web marketplace, which focused on trafficking illegal drugs and money laundering services. They did so by seizing servers and crypto wallets containing $25 million in bitcoin, and by pressing criminal charges against one of its operators, Dimitry Pavlov. The US Treasury Department also sanctioned the website, finding over 100 virtual currency addresses associated with its operations for illicit transactions. The site has 17 million users and is popular amongst Russian-speaking criminals. It also accounted for 80% of all dark-web related transactions last year and has gained over $5 billion in cryptocurrency since 2015. The webpage works like any legitimate marketplace, with users making accounts and buying/selling, except that what was traded was things like fake IDs, drugs, money laundering services, and other illegal activities. Pavlov was able to achieve success for Hydra by hosting a web provider called Promservice that managed dozens of servers, which in turn made up Hydra’s infrastructure. This allowed many, including Pavlov, to make a ton of money, and it allowed Hydra to thrive.
https://www.theregister.com/2022/04/05/us_germany_hydra/
Shoreline makes it easy to create automated remediations for well-known issues in minutes. It also helps you diagnose and repair new incidents by providing a real-time view of your fleet and the ability to change it safely and securely.
The company has created Jupyter-style notebooks to document and automate the response to common problems for a given system, providing step-by-step instructions for solving an issue, while automating the response whenever possible. The goal is to help ease the stress of reacting in the moment.
Link: https://techcrunch.com/2022/03/28/shoreline-scores-35m-series-b-to-build-automated-incident-response-platform/
This article talks about spear phishing. Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links. Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands.
https://www.infosecurity-magazine.com/news/global-apt-ukraine-war-phishing/
The article I chose for this week is about how the State Department has launched a new Bureau of Cyberspace and Digital Policy. Russia is not only waging war in Ukraine, but is also trying to heavily influence the internet along with its ally China. These authoritarian regimes are increasingly becoming a problem and a major concern for the United States government. There is speculation that there is a potential for them to carry out cyber attacks on critical infrastructure such as “electrical grids, banks and communications. Such attacks can cause widespread destruction and are potentially deadly if they close hospitals and nursing homes.” The goal of this new Bureau is to address cyber threats, global internet freedom, and surveillance risks. Moreover, it will work with US allies to set international norms and standards on emerging technology. There are three policy units within the new office: international cyberspace security, international information and communications policy, and digital freedom. According to the article, this move is supported by both Democrats and Republicans. Eventually, the President of the United States will appoint an official ambassador, and the Senate will confirm him or her.
https://www.cnet.com/tech/services-and-software/state-department-launches-new-cybersecurity-bureau/
I found this short article talking about firewall trends that are increasing in 2022. With the popularity of SaaS being provided by companies, the same thing is emerging as a trend for Firewalls as a Service as well. Essentially, there is a decrease in hardware firewalls at the borders of these organizations; instead, they are managed with 24/7 surveillance by another company, which is often much more secure than doing it in-house, since having a company actively monitor the firewall at all times is much easier. There is an upward trend for application firewalls becoming more affordable, since processing is faster.
As a side note, a lot of firewalls are much more advanced than old-school security, as newer equipment can provide IDS/IDPS/VPN/proxy filtering within all-in-one modules. With these capabilities being possible now in the modern era, it isn’t surprising that companies use this advantage to provide them as a service as well.
https://www.datamation.com/security/firewall-trends/