Imminent threats

 

Why big companies ignore SAP security patches — and how that could bite them, big time

By Byron V. Acohido

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so.

Related article: Triaging open-source exposures

Finding a coding or design flaw in the Windows OS can point the way to unauthorized access to a treasure trove of company networks that run Windows. The same holds true for probing widely used open source components, as occurred when Heartbleed (in OpenSSL) and Shellshock (in Bash) came to light.

There is yet another widely-used business platform that malicious hackers have turned their attention to. It is SAP’s enterprise resource planning (ERP) applications.

SAP serves as the digital plumbing for a large share of the world's multinationals; it is deeply embedded in 87 percent of the top 2000 global companies, enabling and integrating ERP functions, such as sales, production, human resources and finance, as well as other core systems.

SAP is no different from any other complex software. Vulnerability researchers, from penetration testers to threat actors, continually turn up fresh security flaws, and SAP issues patches for them. The trouble has been that SAP patches can be troublesome to implement, often requiring scheduled downtime and regression testing of heavily customized business processes, and so very often get postponed.

In 2016 the U.S. Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, issued three separate security alerts warning SAP customers to install security patches, including one issued six years earlier that had gone widely ignored.

Many large enterprises have been lagging in SAP patches. This exposure is pervasive. And it is only a matter of time before threat actors pull off a high-profile data breach. …more

Mobile security advances to stopping device exploits — not just detecting malicious apps

By Byron V. Acohido

The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms.

Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems.

Related article: Is your mobile device spying on you?

This hasn’t worked terribly well for defending modern business networks from cyberattacks. And now we are on the verge of making matters dramatically worse as smartphones and IoT devices proliferate.

I recently had a chance to discuss this state of affairs with J.T. Keating, vice president of product strategy at Zimperium, a Dallas-based supplier of mobile device security systems. Launched in 2010 by a Samsung consultant who saw the handwriting on the wall, Zimperium has grown to 140 employees and attracted $60 million in venture capital from Warburg Pincus, SoftBank, Samsung, Telstra and Sierra Ventures.

The company is seeking to frame and address mobile security much differently than the traditional approach to endpoint security. “When you have billions of mobile devices that aren’t well protected, and the users are primarily responsible for controlling them, it makes for very ripe targeting,” Keating told me.

For a full drill down, please listen to the accompanying podcast. Here are excerpts edited for clarity and length.

LW: What’s most worrisome about mobile security?

Keating: If you’re a consumer, you should really care about malicious apps. The vast majority of the mobile malware we see is designed for fraud. A perfect example of one going around right now is called Bankbot. A user will …more

Security start-up deploys advanced AI, aka ‘deep learning,’ to detect malware on endpoints

By Byron V. Acohido

Based in Tel Aviv, Israel, Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018.

The company lays claim to being the first to apply “deep learning” to a truly innovative protection system that extends machine learning and artificial intelligence down to the level of every computer and mobile device of each employee.

Accompanying podcast: Deep Instinct pioneers AI-infused endpoint security

The company has been doing something right. Launched in 2015, it has grown rapidly to 100 employees. It has attracted $32 million in venture funding and won a satchel full of industry awards, including being named Dark Reading’s “most innovative startup” at Black Hat Las Vegas last summer.

Deep learning is an advanced branch of machine learning and artificial intelligence. It works by passing the oceans of data that course through a company’s network through a stack of layers of simple computational units, collectively referred to as a neural network, with each layer refining the output of the one before it. This layered, systematic approach to finding cross correlations is loosely modeled after the human brain.

Once it is switched on, deep learning never stops learning. The more data fed into its algorithms, the more accurately the system recognizes what it was designed to recognize, in this case fresh malware variants. If that sounds like a gargantuan computing task, it is.

Deep Instinct’s founders not only crafted proprietary algorithms to achieve this, they also innovated a way to distribute the results (malware alerts) down to the level of personal computing devices.


Jonathan Kaftzan, vice president of marketing, walked me through how these breakthroughs are helping companies protect their networks. For a full drill down on our discussion, please listen to the accompanying podcast. Here are excerpts of our discussion edited for clarity and length:

LW: What’s deep learning all about? …more

Why the ‘golden age’ of cyber espionage is upon us

By Byron V. Acohido

Researchers at Cisco’s Talos intelligence unit have now expressed high confidence that the Russian government is behind VPNFilter, a malware strain designed to take control of small office and home office routers and network-attached storage (NAS) devices.

If you doubt VPNFilter’s capacity to fuel cyber chaos on a global scale, please peruse the FBI’s recently issued alert about this very nasty piece of leading-edge malware.

Related article: Obsolescence creeping into legacy security systems

VPNFilter is precisely the kind of cyber weaponry nation state-backed military and intelligence operatives routinely deploy to knock down critical infrastructure, interfere with elections and spy on each other.

One of the top analysts on the daily use of malware across the planet is Dr. Kenneth Geers, senior research scientist at Comodo Cybersecurity. His main duties at Comodo revolve around monitoring and analyzing malware spikes as they unfold day by day, and correlating cyber attacks with global news and political events.

Geers recently walked me through the cyber attack trends and patterns he’s currently monitoring. Bottom line: cyber espionage is on the cusp of a golden age; and the only way to deter this is for the private sector to do a much better job of defending home and business networks.

Why so? Because vulnerable home and business networks supply the communications channels and processing power that cyber criminals and nation-state combatants use to stage their operations.

For a full drill down on my fascinating chat with Geers, please listen to the accompanying podcast.  Here are excerpts edited for clarity and length. …more

MY TAKE: A breakdown of why Spectre, Meltdown signal a coming wave of ‘microcode’ attacks

By Byron V. Acohido

Hundreds of cybersecurity vendors are making final preparations to put their best foot forward at the RSA Conference at San Francisco’s sprawling Moscone Center next week. This will be my 15th RSA, and I can say that there is a distinctly dark undertone simmering under this year’s event. It has to do with a somewhat under-the-radar disclosure in early January about a tier of foundational security holes no one saw coming.

Related article: Meltdown, Spectre foreshadow another year of nastier attacks

Spectre and Meltdown drew a fair amount of mainstream news coverage. But I fear their true significance hasn’t resonated. We now know that there will be no quick fix for this pair of milestone vulnerabilities: they stem from the speculative-execution design built into just about every modern processor chip, so software patches can only work around them, at a performance cost, until redesigned silicon ships.

As I got ready to head to RSA, it struck me that none of the legacy security systems being hyped at the glitzy exhibition booths I’ll see there seems able to solve this problem or even mitigate the risks.


“Spectre and Meltdown will be the enormous elephants in the room at RSA,” said Atiq Raza, CEO of security firm Virsec. “The chip and OS vendors have failed with multiple patches and are asking for patience. Meanwhile, few security vendors understand or monitor what happens between applications and processors. This is leaving most customers worried and scratching their heads.”

Chip/kernel 101

To understand how profoundly Spectre and Meltdown have changed the cybersecurity landscape requires a bit of technical context. The processor chip is formally referred to as the central processing unit, or CPU. These are the semiconductor chips made by Intel and AMD, built on designs licensed from ARM, or produced by a few others.

CPUs give life to any computing device you can name. The CPU runs the operating system, or OS, such as Windows, macOS, iOS and Linux. The OS, in turn, enables applications such as web browsers, business apps, mobile apps, web apps, games and video, and the digital infrastructure behind them, to run.

Around 1995, CPUs started getting dramatically faster and have kept getting incrementally faster ever since. This happened both because of improvements in the hardware and because of clever tricks engineers found to keep the processor busy, chief among them speculative execution, in which the chip guesses which instructions it will need next and runs them ahead of time. Those tricks are exactly what Spectre and Meltdown abuse. Every OS has a core piece of software, called the kernel, that controls how each application gets to use the CPU and memory, and that keeps its own memory, and every other application’s, off limits to that application. Keep in mind, …more
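The boundary the kernel enforces is easy to see from user space. The following C program is an added example, not code from the column or from Virsec: it hands the kernel three addresses (a buffer of constructed sample data owned by the process, the null page, and the top page of the address space, which on a conventional Linux or macOS layout belongs to the kernel half) and asks it, via write(2) on a pipe, to read one byte from each. The kernel validates every user-supplied pointer before touching it and refuses the last two with EFAULT; a direct load of those addresses from the program itself would fault in hardware (SIGSEGV) for the same reason. Meltdown mattered because a speculative load slipped past exactly this check and leaked the byte through the cache before the fault was delivered. The helper names and the assumption of a conventional user/kernel address split are mine.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Outcomes of a probe: the kernel copied the byte, refused the address
 * with EFAULT, or something unrelated went wrong (no pipe available). */
enum probe_result { PROBE_FAULT = 0, PROBE_READABLE = 1, PROBE_ERROR = -1 };

/* Constructed sample data living in this process's own address space. */
static const char user_sample[] = "constructed user-space data";

/* The last page of the virtual address space.  Assumption: a conventional
 * user/kernel split (Linux, macOS), where this page is never mapped for a
 * process and lies above the kernel's access_ok() limit. */
static const void *top_of_address_space(void)
{
    return (const void *)(UINTPTR_MAX - 4095);
}

/*
 * Ask the kernel to read one byte at `addr` on our behalf by passing the
 * pointer to write(2) on a pipe.  Before copying from a user pointer the
 * kernel checks that it lies inside the caller's half of the address space
 * and is mapped readable; if not, the syscall fails with EFAULT instead of
 * dereferencing it.  This is the architectural boundary, enforced by the
 * kernel on syscalls and by the MMU on direct loads, that Meltdown's
 * speculative load sidestepped.
 */
static int probe_readable(const void *addr)
{
    int fds[2];
    if (pipe(fds) != 0)
        return PROBE_ERROR;

    ssize_t n = write(fds[1], addr, 1);
    int saved_errno = errno;      /* close() below may clobber errno */
    close(fds[0]);
    close(fds[1]);

    if (n == 1)
        return PROBE_READABLE;
    if (n == -1 && saved_errno == EFAULT)
        return PROBE_FAULT;
    return PROBE_ERROR;
}

static const char *describe(int r)
{
    switch (r) {
    case PROBE_READABLE: return "readable (kernel copied the byte)";
    case PROBE_FAULT:    return "refused with EFAULT";
    default:             return "probe error";
    }
}

int main(void)
{
    const void *top = top_of_address_space();
    printf("own data   %p: %s\n", (const void *)user_sample,
           describe(probe_readable(user_sample)));
    printf("null page  %p: %s\n", (const void *)0,
           describe(probe_readable(NULL)));
    printf("kernel top %p: %s\n", top, describe(probe_readable(top)));
    return 0;
}
```

Run it on any Linux or macOS box: the first probe succeeds and the other two come back EFAULT. Note what the program never learns: whether the refused pages are empty, unmapped or full of kernel secrets. That opacity is the whole point of the boundary, and it is what the speculative side channel took away.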

LW’s NEWS WRAP: Mirai botnet variants take Internet-of-Things hacking to higher levels

By Byron V. Acohido

Last Watchdog’s News Wrap, Vol. 1, No. 2. Don’t look now but the weaponization of the Internet of Things just kicked into high gear. The Mirai botnet, which I first wrote about in December 2016, is back, in two potent variants. Mirai Okiru targets ARC processors, the chips embedded in autos, mobile devices, smart TVs, surveillance cameras and many more connected products.

Related article: Massive IoT botnet hits German home routers

Mirai Satori, meanwhile, hijacks cryptocurrency mining operations, siphoning off newly created digital coins from the machines it infects. Whether these variants are the work of Mirai’s creator, or copycats, hasn’t been determined.

“It is important to understand that the development community for malware is just as active and often more driven to create improved versions as the conventional software industry is,” Mike Ahmadi, DigiCert’s global director of IoT security solutions, told me. “System builders and device manufacturers need to have a greater focus on implementing mitigations and controls that address the root issues that allow malware to flourish, rather than focusing on addressing the malware ‘flavour du jour’.”

Fancy Bear targets Olympic officials

Meanwhile, Russian hackers continue to be very methodical about interfering in U.S. politics, for obvious strategic advantage. It turns out they also are passionate about preserving the stature of their star athletes.

The infamous hacking collective known as Fancy Bear has been tied to disruptive hacks targeting the DNC. Now those same hackers are also bedeviling the International Olympic Committee in apparent retribution for restricting Russia’s participation in the upcoming Winter Games.

The hackers’ aim is to discredit Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread doping in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

…more

Q&A: What CyberX is doing to help address the hackable state of industrial control systems

By Byron V. Acohido

Finally, the profoundly hackable state of industrial control systems (ICS) is being elevated as an issue of substantive concern and beginning to get the level of global attention it deserves.

Nation-state backed hackers knocking out power grids and discombobulating other critical infrastructure – the cyber Pearl Harbor scenario – has been discussed for years in military and intelligence circles. However, skepticism and apathy have been the watchwords among the actual operators of industrial control systems.

Related article: Risking energy plant hacks signal cyber war activity

Discussions about better protecting these uniquely vulnerable specialized networks, now generally referred to as operational technology (OT) or industrial control systems, have historically taken a back seat to mainstream IT security issues, such as phishing, ransomware and denial of service attacks.

Fortunately, that’s beginning to change. A series of disclosures this past year peeled back the curtain on the extent to which Russia, Iran and North Korea, in particular, have been proactively probing and infiltrating OT networks. On a parallel track, a handful of innovative startups have developed purpose-built platforms to address industrial and critical infrastructure security. …more