Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

SHARED INTEL: Bogus Coronavirus email alerts underscore risk posed by weaponized email

By Byron V. Acohido

It comes as no surprise that top cyber crime rings immediately pounced on the Coronavirus outbreak to spread a potent strain of malware via malicious email and web links.

Related: Credential stuffing fuels cyber fraud

IBM X-Force researchers shared details about how emails aimed at Japanese-speaking individuals have been widely dispersed purporting to share advice on infection-prevention measures for the disease. One of the waves of weaponized emails actually is designed to spread a digital virus: the notorious Emotet banking Trojan designed to steal sensitive information.

One cybersecurity company, Tel Aviv-based Votiro, is taking a different approach to strengthen protection against such weaponized documents, using technology that disarms files before they are delivered to the recipient’s inbox.   I had the chance to visit with Votiro CEO and founder Aviv Grafi at RSA 2020. For a full drill down give a listen to the accompanying podcast. Here are a few key takeaways:

Filtering falls short

As a former penetration tester who specialized in testing employees aptitude for resisting email lures, Grafi saw time-and-again how – and why – attackers leverage timely events, such as celebrity deaths, holidays or tax deadlines to lure email recipients to click on corrupted Word docs or PDF attachments.

Votiro introduced their ‘Disarmer’ technology, called CDR, for “content, disarm and reconstruction” to the U.S. market in 2019. CDR takes a prevention, instead of detection, approach to disarming weaponized email and deterring document-delivered malware.

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

By Byron V. Acohido

Cyber threats now command the corporate sector’s full attention. It’s reached the point where some CEOs have even begun adjusting their personal online habits to help protect themselves, and by extension, the organizations they lead. Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hinderance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances.

Related: How ‘credential stuffing’ enables online fraud

As a result, some CEOs admit they’ve stopped Tweeting and deleted their LinkedIn and other social media accounts – anything to help reduce their organization’s exposure to cyber criminals. “Senior C-level executives and board members are paying more attention now to cybersecurity than two years ago, by far,” observes Jeff Pollard, vice president and principal analyst at tech research firm Forrester.

Awareness is a vital step forward, no doubt. But it’s only a baby step. Corporate inertia still looms large. For many Chief Information Security Officers, having the CEO’s ear, at the moment, is proving to be a double-edged sword, Pollard told me. “We find many CISOs spend their time explaining what threats matter and why, as opposed to why cybersecurity matters in the first place,” he says. “Security leaders must also find ways to explain why budgets that have steadily increased, year after year, have not solved the security problems”.

SHARED INTEL: Former NSA director says cybersecurity solutions need to reflect societal values

By Byron V. Acohido

Is America’s working definition of “national security” too narrow for the digital age?

Yes, observes retired Admiral Michael Rogers, who served as a top White House cybersecurity advisor under both Presidents Obama and Trump. 

Related: The golden age of cyber espionage

The United States, at present, operates with a “nebulous” definition of what constitutes a cyber attack that rises to the level of threatening national security, asserts Rogers, who was   commander, U.S. Cyber Command, as well as director, National Security Agency, and chief, Central Security Service, from March 2014 until he retired from military service in May 2018.

“National security in the digital age, to me, is the confluence of the traditional ways we used to look at security issues as a nation-state, as well as taking into consideration how economic-competitiveness and long-term economic viability play in,” Rogers told an audience of cybersecurity executives, invited to attend the grand opening of Infosys’ state-of-the art Cyber Defense Center in Indianapolis earlier this week.

Rogers made his remarks as part of a panel discussion on securing digital transformation moderated by Infosys CISO Vishal Salvi. It was a wide-ranging, eye-opening discussion. Here are a few key takeaways I came away with:

Rising cyber exposures

Enterprises today are engaged in a struggle to balance security and agility. Leveraging cloud services and IoT systems to streamline workloads makes a ton of sense. Yet cyber exposures are multiplying. Compliance penalties, lawsuits, loss of intellectual property, theft of customer personal data and loss of reputation — due to poor cyber defenses — are now getting board level attention.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

By Byron V. Acohido

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol.

Related: Why Google’s HTTPS push is a good thing

At the time, just 50 % of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80% , trending strongly toward 100%, according to Google.

There is no question that TLS is essential, going forward. TLS is the glue that holds together not just routine website data exchanges, but also each of the billions of machine-to-machine handshakes occurring daily to enable DevOps, cloud computing and IoT systems. Without TLS, digital transformation would come apart at the seams.

However, the sudden, super-saturation of TLS, especially over the past two years, has had an unintended security consequence. Threat actors are manipulating TLS to obscure their attack footprints from enterprise network defenses. The bad guys know full well that legacy security systems were designed mainly to filter unencrypted traffic. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

TLS functions as the confidentiality and authenticity cornerstone of digital commerce. It authenticates connections that take place between a smartphone and a mobile app, for instance, as well as between an IoT device and a control server, and even between a microservice and a software container. It does this by verifying that the server involved is who it claims to be, based on the digital certificate issued to the server. It then also encrypts the data transferred between the two digital assets.

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

By Byron V. Acohido

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.”

Related: Cyber warfare enters Golden Age

In fact, strategic cyber operations essentially pitting Russia and Iran against the U.S. and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019.

The Soleimani assassination simply added kerosene to those long-flickering flames. Since the killing, there has been a marked increase in probing for vulnerable servers – focused on industrial control systems in facilities in both the Middle East and North America. This escalation of reconnaissance is being closely monitored by the global cybersecurity and intelligence communities. Jeremy Samide, CEO of Stealthcare, a Cleveland-based cyberthreats intelligence gathering consultancy, is in the midst of it.

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. Evidence of this gelling scenario are called out in a recent report from Dragos, a Maryland-based supplier of industrial controls security systems, and also in a technical report issued earlier this month by Saudi Arabia’s National Cyber Security Center.

“This isn’t something that’s going to happen overnight,” Samide told me. “Iran’s response will be long and drawn out. There will very likely be a number of smaller and medium-sized attacks, culminating in a larger attack that will be highly coordinated and strike at just the right time. And it might not be Iran directly retaliating alone. It could involve multiple state actors, adversarial to the West, joining forces to co-ordinate an attack, or even multiple attacks.”

There has been plenty of news coverage of certain high-profile Iranian and Russian cyberattacks; … more

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

By Cynthia Lopez Olson

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance.

Related: Bots attack business logic

Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

These risks are normally not covered by a general liability policy, which includes coverage only for injuries and property damage. In general, cyber insurance covers things like:

•Legal fees and expenses to deal with a cybersecurity incident

•Regular security audit

•Post-attack public relations

•Breach notifications

•Credit monitoring

•Expenses involved in investigating the attack

•Bounties for cyber criminals

In short, cyber insurance covers many of the expenses that you’d typically face in the wake of cybersecurity event.

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

By Byron V. Acohido

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point.

Related: We’re in the golden age of cyber spying

Mainstream news outlets are hyper focused on the events of the past six days. A Dec. 27 rocket attack on a military base in northern Iraq killed an American contractor and a number of service members. Protesters attacked the US embassy in Baghdad. President Trump then retaliated by ordering a drone strike that killed a top Iranian military leader,  Gen. Qasem Soleimani.

The open assassination of a top Middle East official has ignited a social media frenzy about how we very well may be on the brink of World War III. I very much hope cooler heads prevail.

Iran accord scuttled

A starting point for cooling things off would be for news pundits — as well as anyone who considers himself or herself a social media influencer, i.e, someone who fosters community discussions — to recall the hostile shove Trump gave Iran last May.

That’s when Trump scuttled the 2015 Iran nuclear deal – which was the result of 10 years of negotiation between Iran and the United Nations Security Council. The 2015 Iran accord, agreed to by President Obama, set limits on Iran’s nuclear programs in exchange for the lifting of nuclear-related sanctions.

For his own reasons, Trump declared the 2015 Iran accord the “worst deal ever,” and has spent the past several months proactively escalating tensions with Iran, for instance, by unilaterally imposing multiple rounds of fresh sanctions.

This, of course, pushed Iran into a corner, and, no surprise, Iran has pushed back. It’s important to keep in mind that Iran, as well as Europe and the U.S., were meeting the terms of the 2015 nuclear deal, prior to Trump scuttling the deal.