
News This Week


MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

By Byron V. Acohido

Network security is in the throes of a metamorphosis. Advanced technologies and fresh security frameworks are being implemented to deter cyber attacks out at the services edge, where all the action is.

Related: Automating security-by-design in SecOps

This means Security Operations Centers are in a transition. SOCs came on the scene some 20 years ago as the focal point for defending on-premises datacenters of large enterprises. The role of SOCs today is both expanding and deepening, and in doing so, perhaps modeling what it will take to defend IT systems going forward – for organizations of all sizes.

I recently moderated a virtual panel on this topic featuring Scott Dally, director of security operations center Americas at NTT Security, and Devin Johnstone, senior security operations engineer at Palo Alto Networks.

For a full drill down please give a listen to the accompanying podcast version of that discussion. Here are the takeaways:

Pressurized landscape

Organizations today must withstand a constant barrage of cyber attacks. Primary vectors take the form of phishing campaigns, supply chain corruption and ransomware attacks, like the one that recently resulted in the shutdown of Colonial Pipeline.

What’s happening is that digital transformation, while providing many benefits, has also dramatically expanded the attack surface. “An old problem is that many companies continue to cling to the notion that cybersecurity is just another cost center, instead of treating it as a potentially catastrophic exposure – one that needs to be continually mitigated,” Dally says.

LW’s NEWS WRAP: ‘Spectre-NG’ — the latest family of chip vulnerabilities; expect more to come

By Byron V. Acohido

Last Watchdog’s News Wrap Vol. 1, No. 7. Google and Microsoft don’t team up very often. But the software rivals, to their credit, have been moving in unison to help the business community get ahead of a new class of hardware-level security flaws that affect most of the networks now in service.

Researchers at Google’s Project Zero recently uncovered more such hardware flaws, which originate inside the central processing unit, or CPU, and were first exposed when the milestone Meltdown and Spectre vulnerabilities came to light in early January.

Related article: A primer on ‘microcode’ vulnerabilities

I’ve previously unraveled how a design shortcut, called ‘speculative execution,’ has finally come home to roost in the form of a vast security exposure. Speculative execution was a shortcut which Intel decided to take some 20 years ago in order to increase processing speed.

Google on Monday formally disclosed this latest iteration of these chip flaws: eight new vulnerabilities dubbed ‘Spectre Next Generation’ or ‘Spectre-NG.’ Then on Tuesday Microsoft issued security patches to eliminate this specific flaw on chips companies are using to run Windows operating systems.

Get used to this pattern of disclosure and patching. These vulnerabilities won’t be eliminated until the next generation of chips arrives years from now.

“It’s safe to assume there are still quite a few flaws that have yet to be discovered,” Craig Dods, Juniper Networks chief security architect, told me. “I’m hesitant to conclude that things will only get worse with time. The barrier to entry for this type of research is quite high and generally remains possible for only the most skilled engineers.”

It will be nice if Dods’ conservative assessment holds true and we never see anything bad come from chip flaws. However, Russia- and China-backed cyber operatives and for-profit criminal rings certainly have deep pockets and top engineering talent – so why wouldn’t they jump into a race with white … more

LW’s NEWS WRAP: Mirai botnet variants take Internet-of-Things hacking to higher levels

By Byron V. Acohido

Last Watchdog’s News Wrap, Vol. 1, No. 2. Don’t look now but the weaponization of the Internet of Things just kicked into high gear. The Mirai botnet, which I first wrote about in December 2016, is back — in two potent variants. Mirai Okiru targets ARC processors – the chips embedded in autos, mobile devices, smart TVs, surveillance cameras and many more connected products.

Related article: Massive IoT botnet hits German home routers

Mirai Satori, meanwhile, hijacks crypto currency mining operations, syphoning off newly created digital coins. Whether these variants are the work of Mirai’s creator, or copycats, hasn’t been determined.

“It is important to understand that the development community for malware is just as active and often more driven to create improved versions as the conventional software industry is,” Mike Ahmadi, DigiCert’s global director of IoT security solutions, told me. “System builders and device manufacturers need to have a greater focus on implementing mitigations and controls that address the root issues that allow malware to flourish, rather than focusing on addressing the malware ‘flavour du jour’.”

Fancy Bear targets Olympic officials

Meanwhile, Russian hackers continue to be very methodical about interfering in U.S. politics — for obvious strategic advantage. It turns out they also are passionate about preserving the stature of their star athletes.

The infamous hacking collective known as Fancy Bear has been tied to disruptive hacks targeting the DNC. Now those same hackers are also bedeviling the International Olympic Committee in apparent retribution for restricting Russia’s participation in the upcoming Winter Games.

The hackers’ aim is to discredit Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

NEWS WRAP-UP: Kaspersky ban underway for U.S. agencies; Equifax data breach lawsuits pile up; Europe plans new agency to quell cyber threats

By Byron V. Acohido

Week ending Sept. 15. The U.S. government moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyber espionage activities. Acting Homeland Security Secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government, and its software poses a security risk.

The Department of Homeland Security “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.” Source: The Washington Post

Lawsuits against Equifax start to pile up after massive data breach

Equifax is facing nearly two dozen class-action lawsuits, along with a separate suit from Massachusetts, over the data breach that compromised the personal information—names, addresses, birth dates and Social Security numbers—of more than 143 million people. Sensitive data from about half of the U.S. population has been available to hackers for weeks. Check your status on Equifax’s website: Equifaxsecurity2017.com. Source: PBS

One line in lengthy bill may allow law enforcement to pursue WikiLeaks

A Senate panel may be trying to give federal law enforcement a new tool to go after the anti-secrecy group WikiLeaks and its U.S. collaborators. A one-sentence “Sense of Congress” clause tacked onto the end of an 11,700-word bill approved by the Senate Intelligence Committee is likely to come before the full Senate this month. The clause says that WikiLeaks “resembles a non-state hostile intelligence … more

NEWS WRAP-UP: Equifax admits losing data for 143 consumers; Symantec finds dozens of U.S. power plants compromised; Trump wants hacked email lawsuit thrown out

By Byron V. Acohido

Week ending Sept. 9. Credit-reporting agency Equifax said hackers gained access to sensitive personal data—Social Security numbers, birth dates and home addresses—for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for credit histories. Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a “website application vulnerability” and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates are particularly sensitive data.

Those who possess them have the ingredients for identity fraud and other crimes. Equifax also lost control of an unspecified number of driver’s licenses, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its “core consumer or commercial credit reporting databases.” Equifax is one of the largest U.S.-based credit reporting agencies, which collect and analyze detailed records of financial data on a wide range of consumers worldwide. Source: The Washington Post

SEC chief says smaller investors need more info on cyber crime, fraud

Regulators must do more to help mom-and-pop investors understand the risks posed by cyber crime and new technologies used to commit fraud, said Securities and Exchange Commission Chairman Jay Clayton. He said cybersecurity would be one of the top enforcement issues during his tenure at the head of the Wall Street regulator. “I am not comfortable that the American investing public understands the substantial risks that we face systemically from cyber issues,” he said. One concern relates to a rise in cases of information being stolen by hackers to gain some sort of market advantage. Other areas of focus include: ensuring financial firms take the appropriate steps to safeguard sensitive information; cyber-related disclosure failures; and the growing prevalence of “initial coin offerings (ICOs).” Source: Reuters

U.K.… more

NEWS WRAP-UP: Scammers target hurricane victims; pacemakers at risk of being hacked; Tillerson signals closure of cybersecurity office

By Byron V. Acohido

Week ending Sept. 2. Scammers are using robocalls to try to fleece survivors of Hurricane Harvey. The robocalls tell people that their premiums are past due and that they must send money immediately or else have their flood insurance canceled. “That is pure fraud. You should only be taking information from trusted sources,” said Roy E. Wright, director of the National Flood Insurance Program at the Federal Emergency Management Agency. Saundra Brown, who handles disaster response for Lone Star Legal Aid in Houston, described a typical move by dishonest contractors: They ask a survivor to sign a contract for repairs on a digital tablet, but when printed out, the bid is thousands of dollars higher. Or the survivor may have unwittingly assigned FEMA disaster aid over to the scammer. Source: The Washington Post

Pacemaker patients could be at risk for hack

Nearly a half-million pacemaker patients could be at risk for cyber attacks thanks to a known security vulnerability, according to an alert from the Food and Drug Administration. The FDA issued an alert regarding manufacturer Abbott Laboratories’ recall notice affecting six pacemaker devices. The FDA has issued safety communications recalls like this in the past, but this is the first to affect implanted devices, said Josh Corman, director of the Cyber Statecraft Initiative at the Atlantic Council. Abbott said it would issue updates to reduce the risk of its St. Jude heart implants being hacked and to warn patients that the devices’ batteries may run down earlier than expected. Sources: FCW, Reuters

Some Instagram users’ phone numbers, emails exposed

Instagram, the 700 million-user photo-sharing service owned by Facebook, informed some users that hackers gained access to phone numbers and emails of high-profile accounts. The attack came through Instagram’s API, or its software that allows other sites and apps to connect with it. The company said the bug was fixed within a few hours of being identified. Source: CNet … more

NEWS WRAP-UP: Identity theft hits record levels globally; Researchers find robots susceptible to hacks; Sen. McCain calls Trump’s cybersecurity policy ‘weak’

By Byron V. Acohido

Week ending Aug. 26. Identity theft is reaching “epidemic levels,” says U.K. fraud prevention group Cifas, with people in their 30s the most targeted group. A total of 89,000 cases were recorded in the first six months of the year, a 5 percent increase over the same period last year and a new record. “We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day,” said Cifas CEO Simon Dukes. “The vast amounts of personal data that is available either online or through data breaches is only making it easier.” ID theft accounts for more than half the fraud that Cifas records. More than four in five crimes were committed online, with many victims unaware that they had been targeted until they received a bill or realized their credit rating had fallen. Fraudsters steal identities by gathering name, address, date of birth and bank account details, often by stealing mail, hacking computers, trawling social media, tricking people into giving details, or buying data through the dark web. Cifas said the latest figures show there has been a sharp rise in fraudsters applying for loans, online retail, telecoms and insurance products. Sources: BBC News, Huffington Post U.K.

$500,000 offered for messaging mobile app exploits

Zerodium is offering $500,000 for weaponized exploits that work against mobile apps that offer confidential messaging or privacy, such as Signal, WhatsApp, iMessage, Viber, WeChat, and Telegram. The broker said it would pay the same rate for exploits against default mobile email apps. Those are among the highest prices Zerodium offers. Only remote jailbreaks for Apple’s iOS devices fetch a higher fee, with $1.5 million offered for those that require no user interaction and $1 million for those that do. Source: Ars Technica

A hack wrapped inside an Enigma mailing list

Enigma, a platform that’s preparing to raise money via a … more