Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

By Byron V. Acohido

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner.

Related: The rise of ‘memory attacks’

I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant  Huawei. These are the carriers that provide Internet access to rural areas all across America.

Starks

Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks.

This isn’t an outlier exposure, by any means. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. Firmware carries out the low-level input/output tasks, without which the hardware would be inoperable.

However, the security of firmware has been largely overlooked over the past two decades. It has only been in the past four years or so that white hat researchers and black hat hackers have gravitated over to this unguarded terrain – and begun making hay.

I recently had the chance to discuss this with John Loucaides, vice-president of engineering at Eclypsium, a Beaverton, OR-based security startup that is introducing technology to scan for firmware vulnerabilities. Here are the big takeaways:

Bypassing protection

Firmware exposures are in the early phases of an all too familiar cycle. Remember when, over the course of the 2000s and 2010s, the cybersecurity industry innovated like crazy to address software flaws in operating systems and business applications? Vulnerability research took on a life of its own.

As threat actors wreaked havoc, companies strove to ingrain security into code writing, and make it incrementally harder to exploit flaws that inevitably surfaced in a vast threat landscape. Then, much the same cycle unfolded as virtual computing came along and became popular; and then the cycle repeated itself, yet again, as web browsers took center stage in digital commerce. …more

Comment | Read | June 10th, 2019 | For technologists | Imminent threats | My Take | New Tech | Steps forward | Top Stories

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

By Steve Kaufman

There’s oil in the state of Maryland – “cyber oil.”

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.”

Related: Port Covington cyber hub project gets underway

That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems Agency, Intelligence Advanced Research Projects Activity, USCYBERCOM, NASA and the Department of Defense’s Cyber Crime Center. Within these government labs and agencies, taking place is a groundswell of innovation in deep technology cyber disciplines to the tune of billions of dollars annually over the past three decades.

In addition, the state is home to 16 nationally designated cybersecurity Centers of Excellence and a state university and college system that graduates more cyber-degreed engineers than any other state. The state counts approximately 109,000 cyber engineers.

Not only does the advanced development at these government agencies contribute to the success of cybersecurity in the state, but also so do many Maryland-based cybersecurity companies. Two notable examples are Sourcefire, acquired by Cisco for $2.7B and Tenable, which went public in 2018 with a market capitalization of approximately $4 billion.

Maryland and environs, including Virginia and Washington D.C., has also attracted a powerful and growing flow of venture capital to the region – about $1 Billion in 2018 and growing at an incredible pace.

Such bona fides led to the inaugural private “by invitation”  Global Cyber Innovation Summit (GCIS) in Baltimore in May 2019.  GCIS was a Davos-level conference with no vendors and no selling, where scores of chief security information officers (CISOs), top CEO’s, industry and government thought leaders and leading innovators discussed the myriad challenges in and around cybersecurity and possible solutions in today’s environment.

All this represents the early phases of a foundation-building process that is on track to eventually create a grander landscape. In the eyes of many cyber pros and investors, Maryland is becoming such a fast-growing cybersecurity hub that many believe it will replace the cyber component of Silicon Valley, hence becoming “Cybersecurity Valley,”  within the next five years. …more

Comment | Read | June 4th, 2019 | For technologists | Guest Blog Post | Top Stories

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

By Byron V. Acohido

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.”

Related: ‘Machine identities’ now readily available in the Dark Net

Think about how far we’ve come since 1999, when the Y2K scare alarmed many, until today, with hybrid cloud networks the norm. There’s no question the benefits of accelerating digital transformation are astounding.

Yet the flip side is that legacy security approaches never envisioned perimeter-less computing. The result, not surprisingly, has been a demonstrative lag in transitioning to security systems that strike the right balance between protection and productivity.

Take authentication, for example. Threat actors are taking great advantage of the lag in upgrading authentication. The good news is that innovation to close the gap is taking place. Tel Aviv-based security vendor Silverfort is playing in this space, and has found good success pioneering a new approach for securing authentication in the perimeterless world.

Founded in 2016 by cryptography experts from the Israeli Intelligence Corps’ elite 8200 cyber unit, Silverfort is backed by leading investors in cybersecurity technologies.

I had the chance to catch up with Dana Tamir, Silverfort’s vice president of market strategy, at RSA 2019. For a full drill down of the interview, please listen to the accompanying podcast. Here are the key takeaways:

Eroding effectiveness

Compromised credentials continue to be the cause of many of today’s data breaches. The use of multi-factor authentication, or MFA, can help protect credentials, but even those solutions have lost much of their effectiveness. The problem is that most MFA solutions are designed for specific systems, rather than today’s more dynamic environments. Traditional MFA may have hit its limitations due to dissolving perimeters.

In the past, Tamir explained, you had a solid perimeter around your network, with one entry point and you added the MFA to that single entry for the extra layer of protection. But that single-entry perimeter doesn’t exist today. We don’t even have a real perimeter anymore. …more

Comment | Read | May 14th, 2019 | Best Practices | For technologists | Podcasts | Privacy | RSA Podcasts | Top Stories

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

By Chris Gerritz

The recent network breach of Wipro, a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways.

Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.

Related: Marriott suffers massive breach

We now know, thanks to reporting from cybersecurity blogger Brian Krebs, that the Wipro hack was a multi-month intrusion and likely the work of a nation-state backed threat actor. What’s more, the attackers reportedly were able to use Wipro as a jumping off point to infiltrate the networks of at least a dozen of Wipro’s customers.

Wipro issued a media statement, via its Economic Times division, acknowledging “potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign . . . Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”

Wipro did not provide many additional details. However, one has to wonder whether, beyond its customers, …more

Comment | Read | May 10th, 2019 | Best Practices | For technologists | Guest Blog Post | Imminent threats | Top Stories

Q&A: Here’s why Android users must remain vigilant about malicious apps, more so than ever

By Byron V. Acohido

Android users – and I’m one – are well-advised to be constantly vigilant about the types of cyberthreats directed, at any given time, at the world’s most popular mobile device operating system.

Related: Vanquishing BYOD risks

Attacks won’t relent anytime soon, and awareness will help you avoid becoming a victim. It’s well worth it to stay abreast of news about defensive actions Google is forced to take to protect Android users. Just recently, for instance, the search giant removed 50 malicious apps, installed 30 million times, from the official Google Play Store, including fitness, photo-editing, and gaming apps.

And earlier this year, three popular “selfie beauty apps”– Pro Selfie Beauty Camera, Selfie Beauty Camera Pro and Pretty Beauty Camera 2019 – accessible in Google Play Store were revealed to actually be tools to spread adware and spyware. Each app had at least 500,000 installs, with Pretty Beauty Camera 2019 logging over 1 million installs, mainly by Android users in India.

Instructive details about both of these malicious campaigns come from malware analysts working on apklab.io, which officially launched in February. Apklab.io is Avast’s mobile threat intelligence platform designed to share intelligence gathered by analyzing samples collected from 145 million Android mobile devices in use worldwide.

I had the chance to sit down with Nikolaos Chrysaidos (pictured), head of mobile threat intelligence and security at Avast, to drill down on the wider context of the helpful findings apklabl.io has begun delivering. Here are excerpts of our discussion, edited for clarity and length:

Acohido: What was distinctive about the 50 malicious Android apps your analysts recently discovered?

Chrysaidos: The installations ranged from 5,000 to 5 million installs, and included adware that persistently displayed full screen ads, and in some cases, tried to convince the user to install further apps. The adware applications were linked together by the use of third-party Android libraries, which bypass the background service restrictions present in newer Android versions.

The bypassing itself is not explicitly forbidden on Play Store. However, our analysts were able to detect it because apps using these libraries waste the user’s battery and make the device slower. In this instance, the libraries kept displaying more and more ads, which does violate the Google Play Store rules. …more

Comment | Read | May 8th, 2019 | For consumers | For technologists | Privacy | Q & A | Top Stories

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

By Byron V. Acohido

No matter how reliant we ultimately become on cloud storage and streaming media, it’s hard to image consumers ever fully abandoning removable storage devices.

There’s just something about putting your own two hands on a physical device, whether it’s magnetic tape, or a floppy disk, or a CD. Today, it’s more likely to be an external drive, a thumb drive or a flash memory card.

Related: Marriott reports huge data breach

Ever thought about encrypting the data held on a portable storage device? Jay Kim, co-founder and CEO DataLocker, did.

Launched as a one-man operation in 2007, DataLocker has grown into a leading manufacturer of encrypted external drives, thumb drives, flash drives and self-encrypting, recordable CDs and DVDs.

DataLocker today has 40 employees and last year moved into a larger facility in Overland Park, Kansas, with room to grow. I had the chance at RSA 2019 to visit with Shauna Park, channel manager at DataLocker, to discuss what’s new in  the encrypted portable drive space. For a full drill down please listen to the accompanying podcast. Key takeaways:

Protected backup

Even with increased adoption of cloud computing, external storage devices, like USB thumb drives and external hard drives, still have a major role in organizations of all sizes. These drives still serve a purpose, such as transporting data from one computer to another, accessing presentations outside of the office, or as an additional backup solution. …more

Comment | Read | May 8th, 2019 | For consumers | For technologists | New Tech | Privacy | RSA Podcasts | Top Stories

NEW TECH: SlashNext dynamically inspects web page contents to detect latest phishing attacks

By Byron V. Acohido

Humans are fallible. Cyber criminals get this.

Human fallibility is the reason social engineering has proven to be so effective – and why phishing persists. Consider these metrics from messaging security firm Proofpoint:

•Email-based corporate credential phishing attacks quadrupled in Q3 2018 vs. the previous quarter.

•Web-based social engineering attacks jumped 233% vs. the previous quarter.

•99% of the most highly targeted email addresses in the quarter didn’t rank as such in the previous report, suggesting that attackers are constantly shifting targets.

What’s more, a study by antivirus vendor Webroot informs that more than 46,000 new phishing sites go live each day, with most disappearing in a few hours. And a recent survey conducted by SlashNext, a Pleasanton, CA-based supplier of advanced antiphishing systems, revealed that 95% of IT professionals underestimate phishing attack risks. This holds true even though nearly half the respondents reported their organizations experience 50 or more phishing attacks per month, with 14% experiencing 500 phishing attacks per month.

It’s not as if companies and cybersecurity vendors have been sitting on their hands. Vast resources have been directed at filtering emails – the traditional delivery vehicle for phishing campaigns – and at identifying and blacklisting webpages that serve as landing pages and payload delivery venues.

So quite naturally, cyber criminals have shifted their attack strategies. They are pursuing fresh vectors and honing innovative payload delivery tactics. The bad guys are taking full advantage of the fact that many companies continue to rely on legacy defenses geared to stop tactics elite phishing rings are no longer using.

I recently had an eye-opening discussion about this with Jan Liband, SlashNext’s chief marketing officer. Here are the key takeaways from that interview:

Unguarded vectors

By now, most mid-sized and large enterprises have a secure email gateway that’s highly effective at filtering out 80%-95% of phishing emails. So phishers have moved on to comparatively unguarded vectors: social media channels, SMS (text), ads, pop-ups, chat apps, IM, malvertising and rogue browser extensions, Liband told me.

Platforms like Facebook, Twitter and Instagram are wide open for intelligence gathering. With knowledge of our friends, families and preferences, phishers are able to craft postings and messages targeting groups of victims, or specific individuals. The end game is to funnel victims to landing pages. …more

Comment | Read | May 7th, 2019 | For technologists | New Tech | Top Stories

Older Articles »