Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

By Byron V. Acohido

Most of us, by now, take electronic signatures for granted.

Related: Why PKI will endure as the Internet’s secure core

Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations. That’s why “wet” signatures, i.e. signing in the presence of a notary, remains a requirement for some transactions involving high dollars or very sensitive records.

Clearly, a more robust approach to verifying identities in the current and future digital landscape would be useful. After all, conducting business transactions strictly online was already on the rise before Covid 19, a trend that only accelerated due to the global pandemic.

And this is why DigiCert recently introduced DigiCert® Document Signing Manager (DSM) – an advanced hosted service designed to increase the level of assurance of the identities of persons signing documents digitally.

I had the chance to learn more about this new tool from Brian Trzupek, DigiCert’s senior vice president of product DigiCert is best known as a Certificate Authority (CA) and a supplier of services to manage Public Key Infrastructure. And PKI, of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built.

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

By Byron V. Acohido

It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devasting implications.

Related: The targeting of supply chains

Last Friday, July 2, in a matter of a few minutes,  a Russian hacking collective, known as REvil, distributed leading-edge ransomware to thousands of small- and mid-sized businesses (SMBs) across the planet — and succeeded in locking out critical systems in at least 1,500 of them. This was accomplished by exploiting a zero-day vulnerability in Kaseya VSA, a network management tool widely used by managed service providers (MSPs)  as their primary tool to remotely manage IT systems on behalf of SMBs.

REvil essentially took full control of the Kaseya VSA servers at the MSP level, then used them for the singular purpose of extorting victimized companies — mostly SMBs —  for payments of $45,000, payable in Minera. In a few instances, the attackers requested $70 million, payable in Bitcoin, for a universal decryptor.

Like SolarWinds and Colonial Pipeline, Miami-based software vendor, Kaseya, was a thriving entity humming right along, striving like everyone else to leverage digital agility — while also dodging cybersecurity pitfalls. Now Kaseya and many of its downstream customers find themselves in a  crisis recovery mode faced with shoring up their security posture and reconstituting trust. Neither will come easily or cheaply.

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

By Byron V Acohido

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive  people to spend more time than ever gaming.

Related: Credential stuffers exploit Covid 19 pandemic

Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019. The attacks were steady and large, taking place at a rate of millions per day, with two days seeing spikes of more than 100 million.

This metric shows how bad actors redoubled their efforts to rip off consumers fixated on spending  real money on character enhancements and additional levels. The big takeaway, to me, is how they accomplished  this – by refining and advancing credential stuffing.

Credential stuffing is a type of advanced brute force hacking that leverages software automation to insert stolen usernames and passwords into web page forms, at scale, until the attacker gains access to a targeted account.

We know from a Microsoft report how hacking groups backed by Russia, China and Iran have aimed such attacks against hundreds of organizations involved in both the 2020 presidential race and U.S.-European policy debates. And credential stuffing was the methodology used by a Nigerian crime ring

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

By Aanand Krishnan

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront.

Related: Equipping Security Operations Centers (SOCs) for the long haul

Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time. Given the dynamic nature of websites today and the constantly changing integrations to a site, this implicit trust model no longer suffices.

So what does the average modern website look like? More than 70 percent of the content that loads on an end user’s browser does not come from the website’s server at all. Enterprises are designing client heavy applications that are executed through JavaScript at runtime, and these browsers are acting as modern day OSes.

Let’s discuss how the SolarWinds hack relates to a regular website supply chain. Web architecture from the past decade followed a trend where most web applications were server heavy, and enterprises’ data centers handled the bulk of the processing. The web browser was more of a graphical interface or a rendering engine.

Due to optimized speeds and improved computing capacity on client devices, the architecture has evolved over the last few years.

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

By Byron V. Acohido

Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis.

Related: Reaction to Biden ‘s cybersecurity executive order

Nobelium is the Russian hacking collective best known for pulling off the milestone SolarWinds supply chain hack last December. That caper required the intricate counterfeiting of software updates sent out automatically by SolarWinds to 18,000 customers. And yet, for all of its sophistication, Nobelium also engages in routine phishing campaigns to get a foothold in targeted organizations. This of course is how they get a toehold to go deeper.

In this case, the attackers leveraged information gleaned from a Microsoft worker’s computing device. In a blog posting, Microsoft disclosed that it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.”

Microsoft said it notified the targeted 150 organizations, which included “IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.”

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

By Byron V. Acohido

The challenge of embracing digital transformation while also quelling the accompanying cyber risks has never been greater for small- and mid-sized businesses.

Related: How ‘PAM’ improves authentication

SMBs today face a daunting balancing act. To boost productivity, they must leverage cloud infrastructure and participate in agile software development. But this also opens up a sprawling array of fresh security gaps that threat actors are proactively probing and exploiting.

Somehow SMBs must keep pace competitively, while also tamping down the rising risk of suffering a catastrophic network breach.

There’s a glut of innovative security solutions, to be sure, and no shortage of security frameworks designed to help companies mitigate cyber risks. Leading-edge cybersecurity systems in service today apply machine learning in some amazing ways to help large enterprises identify and instantly respond to cyber threats.

However, this is overkill for many, if not most, SMBs. Day in and day out their core security struggle boils down to making it harder for intruders to attain and manipulate remote access. And it doesn’t take enterprise-grade security systems to accomplish this.

I’ve had several discussions about this with Maurice Côté, vice president of business solutions at Devolutions, a Montreal, Canada-based supplier of remote desktop management services. We talked about how Devolutions has been guiding its SMB customers

MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

By Byron V. Acohido

Network security is in the throes of a metamorphosis. Advanced technologies and fresh security frameworks are being implemented to deter cyber attacks out at the services edge, where all the action is.

Related: Automating security-by-design in SecOps

This means Security Operations Centers are in a transition. SOCs came on the scene some 20 years ago as the focal point for defending on-premises datacenters of large enterprises. The role of SOCs today is both expanding and deepening, and in doing so, perhaps modeling what it will take to defend IT systems going forward – for organizations of all sizes.

I recently moderated a virtual panel on this topic featuring Scott Dally, director of security operations center Americas at NTT Security, and Devin Johnstone, senior security operations engineer at Palo Alto Networks.

For a full drill down please give a listen to the accompanying podcast version of that discussion. Here are the takeaways:

Pressurized landscape

Organizations today must withstand a constant barrage of cyber attacks. Primary vectors take the form of phishing campaigns, supply chain corruption and ransomware attacks, like the one that recently resulted in the shut down of Colonial Pipeline.

What’s happening is that digital transformation, while providing many benefits, has also dramatically expanded the attack surface. “An old problem is that many companies continue to cling to the notion that cybersecurity is just another cost center, instead of treating it as a potentially catastrophic exposure – one that needs to be continually mitigated,” Dally says.