Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact

Imminent threats


SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

By Kolawole Samuel Adebayo

In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect.

Related: Privacy rules for vehicles

As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows.

The physical safety of things like airbags, rearview mirrors, and brakes is well accounted for; yet cybersecurity auto safety concerns are rising to the fore.

What used to be a focus on physical safety has now shifted to cybersecurity due to the widened attack surface that connected cars present. The rapid advancements in electric vehicles (EVs) has only served to heighten these concerns.

Funso Richard, Information Security Officer at Ensemble, highlighted the gravity of these threats. He told Last Watchdog that apart from conventional attacks, such as data theft and vehicle theft, much more worrisome types of attacks are emerging. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

MY TAKE: Putin’s weaponizing of ransomware shows why network security needs an overhaul

By Byron V. Acohido

At 10 am PDT, next Wednesday, April 19th,  I’ll have the privilege of appearing as a special guest panelist and spotlight speaker on Virtual Guardian’s monthly Behind the Shield cybersecurity podcast.

Related: The Golden Age of cyber spying is upon us

You can RSVP – and be part of the live audience – by signing up here. The moderator, Marco Estrela, does a terrific job highlighting current cybersecurity topics ripped from the headlines. For my part, I’m going to ‘follow the money’ with respect to the strategic use of weaponized ransomware on  the part of Vladimir Putin.

I recently had the chance to drill down on this topic as part of a Last Watchdog Fireside Chat podcast I’m currently producing. Stay tuned for my eye-opening discussion with BullWall, a Danish startup that’s in the midst of helping companies effectively mitigate cyber extortion.

Meanwhile, in the April 19th episode of Behind the Shield,  I’m going to attempt to summarize the big theme I’m hearing from BullWall and numerous other security vendors as I get ready to make the trek to San Francisco’s Moscone Center to cover RSA Conference 2023 in person – after two years of covering it remotely.

And that theme is . . . the unfolding reconstitution of network defense. There’s a common thread running through all of the advanced tools, new security frameworks and innovative security services that are rapidly gaining traction.

At some level, they all drive us in the direction of creating a new tier of overlapping, interoperable, highly automated security platforms.  The end game quite clearly must be to bake security deep inside the highly interconnected systems that will give us climate-rejuvenating vehicles and buildings and spectacular medical breakthroughs.

I’ll get this discussion going at Virtual Guardian’s Behind the Shield podcast next week. And I’ll try to ramp it up in my upcoming series of Last Watchdog RSA Insights Fireside Chat podcasts … more

SHARED INTEL: The common thread between China’s spy balloons and Congress banning Tik Tok

By Dan Meyer and Lachlan McKinion

The decision by the House of Representatives to ban  TikTok  from federal devices is noteworthy, especially as the Chinese spy balloon crisis unfolds.

Related: The Golden Age of cyber espionage

On December 23, 2022, Congress, in a bipartisan spending bill, banned TikTok from all government devices. The White House, the Pentagon, the Department of Homeland Security, and the State Department have already banned the social media app, as have more than a dozen other states.

The Tik Tok decision combines national security, social media, and “China” in only one institution’s change of policy. It reflects the challenge that continued use of social media presents to those within the federal circle of trust.

The Chinese government, as well as other foreign powers, actively probe all aspects of American life for information useful in compromising the Republic’s national security interests. They are active not only in stealing the federal government’s data, but also doing the same in our private and public corporations.

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

By Mark Guntrip

Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises.

Related: Deploying employees as human sensors

Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.

This neglect is not only a threat to personal data, but also a threat to corporate security. As we continue to live a majority of our lives online, there are many ways that both consumers and enterprises can better protect themselves against hackers.

According to our survey, the majority of consumers (77 percent) are confident they can identify, and report suspected malicious cyber activity despite general apathy toward proactively securing their devices and personal data.

Confidence gap

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). When it comes to protecting themselves and their devices, few are practicing the basics:

•Only 21 percent use email security software

•Only 33 percent consistently use two-factor authentication (2FA)

SHARED INTEL: A breakout of how Google, Facebook, Instagram enable third-party snooping

By Federico Morelli

More and more consumers are using apps every year. In fact, Google Play users downloaded 111.3 billion apps in 2021 alone, up more than 47 percent since 2018.

Related: Microsoft CEO calls for regulating facial recognition.

This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022.

This data safety section aims to help users understand how apps handle their data (especially when it comes to collection and sharing) and make more informed decisions about which apps to download.

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. The results shed light on how much data apps really share, which apps pose the biggest risks to data privacy, and how transparent developers are about their practices.

Rampant ‘sharing’

The study revealed that more than half (55.2 percent) of the apps share user data with third parties.

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

By Bharat Bhushan

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide.

Related: Weaponized email endures as top threat

Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.

That said, Microsoft Exchange on-premises email servers – technology that once, not too long ago, dominated this space – remain in pervasive business use today.

In 2021, on-premises Microsoft Exchange Server mailboxes commanded a 43 percent global market share as compared to 57 percent for cloud Exchange mailboxes, according to this report from Statista. Some 11,800 computer software companies, 10,000 IT services vendors, 5,500 health care organizations and 3,200 financial services firms continue to maintain on-premises Exchange email servers, according to this report from Enlyft

What’s more, many of the organizations migrating to cloud IT infrastructure services are patching together hybrid email systems, part on-premises and part cloud-hosted.

SHARED INTEL: Log4j vulnerability presents a gaping attack vector companies must heed in 2022

By Byron V. Acohido

As we close out 2021, a gargantuan open-source vulnerability has reared its ugly head.

Related: The case for ‘SBOM’

This flaw in the Apache Log4J logging library is already being aggressively probed and exploited by threat actors — and it is sure to become a major headache for security teams in 2022.

“This vulnerability is so dangerous because of its massive scale. Java is used on over 3 billion devices, and a large number of those use Log4j,” says Forrester cybersecurity analyst Allie Mellen, adding that crypto miners and botnet operators are already making hay.

“We can expect more devastating attacks, like ransomware, leveraging this vulnerability in the future,” Mellen adds. “This vulnerability will be used for months if not years to attack enterprises, which is why security teams must strike while the iron is hot.”

This Log4j vulnerability was disclosed to Apache on Nov. 24 by the Alibaba Cloud Security team. Then on Dec. 9, the vulnerability, formally designated CVE-2021-44228, was disclosed on Twitter; meanwhile a  proof-of-concept exploit got posted on GitHub.

This flaw in an open-source web server software used far and wide  puts open-source risks in the spotlight – yet again. Companies will have to deal with Log4J in much the same manner as they were compelled to react to the open source flaws Heartbleed and Shellshock in 2014.