Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

By Pravin Kothari

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise.

Related podcast. Evidence shows we’re in ‘Golden Age’ of cyber spying

The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October. News reports this week indicate internal documents, including details of arms procurement for the country’s next-generation fighter aircraft, were pilfered from at least 10 of the hacked computers.

The hackers reportedly manipulated server software and succeeded in siphoning records from connected workstations. Though South Korean officials stopped short of blaming North …more

GUEST ESSAY: What your company should know about addressing Kubernetes security

By Gary Duan

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers.

Related podcast: Securing software containers

Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to  deploy, scale, and manage.

As beneficial as Kubernetes is for orchestrating containerized environments, a maturing set of security best practices must be adhered to for enterprises to ensure that their applications and data are as safe as possible from emerging vulnerabilities and exploits.

The most dangerous attacks on container environments will execute a “kill chain” of events – not striking all at once but instead through a sequence of lateral moves within the dynamic container environment to ultimately take over containers, attack Kubernetes services, or gain unauthorized access.

Attackers are shaping their attacks to take advantage of recently discovered vulnerabilities and systems which have not yet been patched or equipped to counter efforts to exploit them. In addition, the discovery of malicious ‘backdoors’ hidden in popular Docker images is another cause for concern.

Three recent examples illustrate this seemingly endless stream of vulnerabilities that attackers can leverage in a containerized environment: the Dirty Cow exploit, the Linux Stack Clash vulnerability, and the even more recently discovered CVE-2018-1002105 vulnerability in Kubernetes. Here’s how each inflicts damage: …more

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

By Byron V. Acohido

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints.

Related: California enacts pioneering privacy law

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network.

In recognition of the significant security risks privileged accounts can pose, industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management.1-

Last Watchdog asked Adam Bosnian, executive vice president at CyberArk – the company that pioneered the market – to put into context how much can be gained by prioritizing privilege in today’s dynamic, fast-evolving digital business landscape. Here are excerpts edited for clarity and length:

LW: Why is privileged access management so important?

Bosnian: Privileged access has become the fulcrum of the success or failure of advanced attacks. Nearly 100 percent of all advanced attacks involve the compromise of privileged credentials.

This is a mounting challenge for organizations because privileged accounts exist and ship in every single piece of technology, including servers, desktops, applications, databases, network devices and more.  …more

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

By Byron V. Acohido

The heyday of traditional corporate IT networks has come and gone.

In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars.

Related podcast: Why the golden age of cyber espionage is upon us

This coming wave of IoT networks, architected to carry out narrowly-focused tasks, will share much in common with the legacy operational technology, or OT, systems long deployed to run physical plants — such as Industrial Control Systems (ICS,)  Supervisory Control and Data Acquisition (SCADA ,) Data Control System (DCS,) and Programmable Logic Controller (PLC.)

The global cybersecurity community is keenly aware of these developments and earnest discussions are underway about how to deal with the attendant security exposures. This includes a rising debate about the efficacy of the Common Vulnerability Scoring System, or CVSS.  Initially introduced in 2005, CVSS is a framework for rating the severity of security vulnerabilities in software.

Last Watchdog recently sat down with a couple of senior executives at Radiflow, a Tel Aviv-based supplier of cybersecurity solutions for ICS and SCADA networks, to get their perspective about how NIST and ICS-CERT, the two main organizations for disclosing and rating vulnerabilities, are sometimes not aligned. Radiflow currently is conducting this survey to collect feedback from IT and OT professionals about the ramifications of this conflict.

Radiflow expects to release its survey findings in late January. This is not just another arcane tussle among nerdy IT professionals. New vulnerabilities and exposures are part and parcel of accelerating the deployment of vast distributed systems, fed by billions of IoT sensors. And they must be fully addressed if digital commerce is to reach its full potential. Here are excerpts of my discussion about this with Radiflow’s CEO Ilan Barda and CTO Yehonatan Kfir, edited for clarity and length:

LW: As we move forward with digital transformation and the Internet of Things, is it becoming more urgent to think about how we protect OT systems?

Barda: Yes. The risks are growing for two reasons. One is the fact that there are more and more of these kinds of OT networks, …more

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

By Mike James

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days.

Related podcast: The re-emergence of SIEMs

In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses. To achieve this for your organization, it is no longer possible just to run reactive cyber security. It is essential that should invest in a proactive approach – that’s why you need to start threat hunting.

Seeking anomalous activity

Threat hunting is the practice of actively seeking out dangers to cyber security by detecting and eliminating new and emerging threats that are able to evade preventative controls such as firewalls and antivirus software.

It consists of actively looking for anomalous activity that has not been identified by existing tools and involves thorough, on-going analysis of data sources such as network traffic and server logs as well as web and email filter traffic.

Businesses that embrace threat hunting are likely to significantly reduce the dwell time of attacks, identify advanced threats that could otherwise be missed, and enhance security controls and processes. Effective threat hunting requires not only the right tools, but an advanced understanding of the latest tactics and techniques used by criminals. So, what do you need to get started? …more

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

By John Safa

Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine.

Related: Zuckerberg’s mea culpa rings hollow

This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

Facebook was very lucky, indeed, that its misdeeds happened before May 25, 2018. On that date, the EU General Data Protection Regulation (GDPR) came into force.

If its violation had happened after that, the fine could have been up to £17 million or 4 percent of global turnover. Yet, even with the prospect of stupendously steep fines hanging over the heads, insecure enterprises still don’t grasp the true cost of data privacy complacency.

According to research by one law firm, pre-GDPR regulatory fines had almost doubled, on average, between 2017 and 2018, up from £73,191 to £146,412. Those figures pale when stacked against the potential bottom line impact that now exists. …more

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

By Max Emelianov

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide.

The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded.

Related podcast: The case for ‘zero-trust’ security

Obviously, on paper the castle with better defenses is the one that survives a siege. But what really makes the difference here is the people manning it. See, the soldiers in the second castle are unquestionably loyal to their king. While in the first castle, there is a turncoat in the ranks.

As you’ve probably surmised, the castles are meant to represent a business’s security infrastructure.

The soldiers are a business’s employees. Unless the two are in alignment with one another – unless your employees care about keeping corporate data safe and understand what’s required to do so – your business is not secure.

People power

It doesn’t matter how strong your walls are. It doesn’t matter how much money you invest into point solutions and hardened architecture. It doesn’t matter how many people you hire to man your IT department. …more