
Imminent threats


MY TAKE: How Russia’s election meddling relates to industrial control hacks

By Byron V. Acohido

While America’s attention has been riveted on stunning disclosures of how Russia meddled in the U.S. presidential elections, the significance of a parallel, equally important development, may have gotten lost. Don’t look now folks, but the world’s superpowers are steadily marshaling forces to engage in an all-out cyber war.

History may yet prove that Russia’s manipulation of elections in America and elsewhere is, in fact, connected to the steady escalation of attacks on industrial control systems. And it’s not just Russia. Evidence has surfaced that China, USA, Israel and North Korea have also been maneuvering to take full advantage of the profoundly vulnerable state of so-called “OT” systems.

Quick context here: Gartner a few years ago coined the buzzphrase “operational technology,…more

ROUNDTABLE: The implications of Deloitte data breach, especially following hacks of Equifax, SEC

By Byron V. Acohido

The astonishing rash of disclosures of data breaches at top-tier organizations continues. Big Four accounting firm Deloitte has joined Equifax and the U.S. Securities and Exchange Commission in going public about a catastrophic loss of sensitive data.

Ironically, Deloitte a few years ago branched from its core auditing and tax services to high-end cybersecurity consulting. PricewaterhouseCoopers, another member of the Big Four club, did much the same thing.

There is no question Deloitte and PwC take cybersecurity seriously and have talented people providing valuable guidance to marquee enterprises and big government agencies. ThirdCertainty has featured experts from both consultancies in our content.

Related article: Deloitte experts offer network security …more

MY TAKE: Equifax hack highlights exposures caused by wide use of open-source protocols

By Byron V. Acohido

A major takeaway from the Equifax debacle that hasn’t gotten enough attention is this: The massive data theft happened because of a vulnerability in an open-source component, which the credit bureau failed to lock down.

Remember Heartbleed and Shellshock, the two massive security flaws discovered in open-source internet protocols back in 2014? The waves of network attacks that preyed on those flaws showed how open-source protocols—which over the years have become so widely used in business networks—actually comprise a ripe attack vector just waiting to be exploited.

Related article: Beware of open-source vulnerabilities lurking all through your network

The hackers leveraged a vulnerability in something called Apache Struts, an open-source application framework that supports the credit bureau’s web portal. It is widely used by developers of Fortune 100 companies to build web applications. In Equifax’s case, hackers used the flaw to access and remove copies of files for over two months, between May 13 and July 30, 2017.

When it seemed like the breach couldn’t get any worse for Equifax, the company also revealed that they knew about the vulnerability and tried to patch it in March.

Vulnerabilities are common

As Jeff Williams, co-founder and CTO of Contrast Security explains, “Essentially, an attacker could send a single HTTP request—just like the ones your browser sends—except with a specially crafted header that contains the attack. Through a series of unfortunate events, the Struts framework treats this header as an expression, effectively running the attacker’s code on the server.”


INFOGRAPHIC: Studies show ‘security fatigue’ may trigger apathy in wake of Equifax hack

By Byron V. Acohido

There is no mistaking that, by now, most consumers have at least a passing awareness of cyber threats.

Two other things also are true: All too many people fail to take simple steps to stay safer online; and individuals who become victims of identity theft, in whatever form, tend to be baffled about what to do about it.

INFOGRAPHIC: Shaking off cyber fatigue can be tough

A new survey by the nonprofit Identity Theft Resource Center, scheduled to be released in full next week, reinforces these notions. ITRC surveyed 317 people who used the organization’s services in 2017 and had experienced identity theft. The study was sponsored by CyberScout, which …more

NEWS THIS WEEK: Kaspersky ban underway for U.S. agencies; Equifax data breach lawsuits pile up; Europe plans new agency to quell cyber threats

By Byron V. Acohido

The U.S. government moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyber espionage activities. Acting Homeland Security Secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government, and its software poses a security risk. The Department of Homeland Security “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting …more

PODCAST: How web browsers present an attack vector useful to criminal hackers — and business rivals

By Byron V. Acohido

Web browsers continue to represent, arguably, the most wide-open attack vector at any given company.

This is because Mozilla Firefox, Google Chrome, Microsoft Explorer and Apple Safari all use a basic architecture ideally suited for a threat actor to manipulate. To put it bluntly, it’s all too easy for an attacker to download malicious code onto an employee’s computer—and then use that infected machine as a foothold to probe deeper into the breached network.

Related article: How ‘software containers’ are improving network security

Thus browser-focused attacks occur 24/7/365. While there is no direct way to stop attacks aimed at browsers, it is possible to contain them. I sat down with Lance Cottrell, chief scientist at Ntrepid, supplier of …more

ROUNDTABLE: The significance of the ‘Onliner’ spambot leaking 711 million emails

By Byron V. Acohido

A spambot, referred to as Onliner, has been discovered delivering a malicious banking Trojan. What’s worse, the spammers behind Onliner inadvertently exposed some 711 million email addresses held in their possession.

Some context is needed to grasp the significance of this. Consider that spambots have been around for a long time. For the most part, garden-variety spambots are a huge nuisance, designed to carry out a two-stage mission. First, a spambot crawls the internet seeking out email addresses from websites, news group postings and chat-room conversations, and from this crawling activity it compiles a gargantuan mailing list. Next, a spambot blasts out email pitches for all manner …more