Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Top Stories

 

GUEST ESSAY: How amplified DDoS attacks on Ukraine leverage Apple’s Remote Desktop protocol

By Paul Nicholson

Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate.

Related: Apple tools abuse widespread

A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022. The total number of DDoS weapons, which was previously recorded at 15 million, has grown by over 400,000 or 2.7 percent in a six-month period.

This includes a notable 2X increase in the number of obscure potential amplification weapons such as Apple Remote Desktop (ARD).

The war in Ukraine has seen likely state-sponsored attacks using these types of DDoS attacks. The Log4j vulnerability has predictably proved fertile ground for hackers as well, putting millions of systems at risk, with Russia accounting for more than 75 percent of Log4j scanners and helping drive. In this intensifying threat landscape, the urgency for modern DDoS defenses becomes clearer every day.

A new report by the A10 Networks security research team explores the global state of DDoS weapons and tactics. Key findings follow.

GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives

By Kyle Mitchell

Cybersecurity poses a risk to all businesses.

Related: Biden moves to protect critical infrastructure

Dataprot reports that 59 percent of Americans have experienced cybercrime in the past. An estimate stated that $6 trillion worth of damage was caused by cybercrime in 2022, making it vital for businesses to securely destroy data.

Deleting information from a hard disk drive (HDD) is not enough. Hackers can recover data from physical drives, even when the information has been removed. When businesses have spent years building trust with customers, it is important to take the necessary precautions to protect data and the brand’s reputation by destroying data effectively.

Limits to wiping

Deleting files isn’t enough to keep data safe. With the right tools, hackers can retrieve deleted files. Depending on the operating system, there may be built-in tools to erase data. This is a quick and convenient method but third-party utilities offer a greater level of security.

DBAN is a free tool but is limited in its abilities, as it only works on hard drives and not solid-state drives (SSD). Working independent of the operating system (OS), DBAN can wipe the entire machine. This is important for any businesses upgrading their hardware to new technology, as it allows for the safe transfer of data before it is removed from old machines.

Other tools, such as CCleaner, require an upgrade to the premium version in order to fully wipe data, and cannot wipe the drive hosting the OS as this is where it will be installed.

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

By Michael Aminov

Phishing itself is not a new or a particularly complicated threat. But the emergence of  advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises.

Related: Deploying human sensors

Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8 million in 2021, compared with $3.8 million in 2015.

Despite increased public awareness of cybersecurity risks and safe browsing practices, the impact of phishing has increased exponentially – IBM’s 2021 Cost of Data Breach Report found phishing to be the second most expensive attack vector for enterprises.

Novel tactics

This is so, in part, because growing awareness has pushed hackers to create even more sophisticated means to plunder log-in information, or to lure employees to click on a malware-infected link – AKA next-gen, or “DeepSea” phishing.

These attacks use novel and rarely seen phishing techniques, often employing several layers of deception in parallel. Take this recent phishing attempt, which was identified by Perception Point’s Incident Response team:

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

By Gala Riani

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick?

Related: We’re in the golden age of cyber espionage

Intelligence is required to support the evolving needs of business, providing information for decision makers throughout the company lifecycle – everything from entering and exiting markets to managing mature operations. At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few.

In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e. with a turnover of over USD 250 million) about the importance of intelligence to their company. 65 percent said that strategic intelligence had grown in importance over the past five years.

And why? The top reason, chosen from a proved list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Cyber security keeps the C-suite up at night and perhaps that’s no surprise.

Cyber in a silo?

Cyber attacks are crippling incidents that hurt immediately – by halting business, and continue to hurt into the longer term – by hitting company reputation. This concern isn’t new, there is wide understanding that when it comes to cyber incidents, it is about  ‘when’ not ‘if’, and all large companies will have cyber strategies in place.

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

By Sriram Kakarala

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat.

Related: Deploying human sensors

Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say. This raises the concerns of corporate data security in remote working that still stand as a key challenge that organizations are trying to navigate, workforce productivity being the second.

Organizations need to have critical business data made available to the employees that work remotely- and this could include the devices carefully vetted and secured with corporate policies and provided by the organization, but could also include the devices that are not under the organization’s purview.

Fragmentation dilemma 

The modern employees demand flexibility and you simply can’t prevent employees from accessing work emails on their phones while they surf the beach or hike the mountains- nor does it add to your organization’s overall efficiency and productivity.

But this, along with the hugely fragmented devices and endpoints used in the virtual working environment adds to the security risks that can not only drain out the IT teams but also the CIOs to a great extent.

FIRESIDE CHAT: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

By Byron V. Acohido

Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon.

Related: Taking a risk assessment approach to vulnerability management.

This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to  zero trust security principles.

I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.

Guest expert: David Holmes, Analyst for Zero Trust, Security and Risk, Forrester Research

 

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. VPNs verify once and that’s it.

Zero trust — and more specifically zero trust network access, or ZTNA — never trusts and always verifies. A user gets continually vetted, with only the necessary level of access granted, per device and per software application; and behaviors get continually analyzed to sniff out suspicious patterns.

Remote access is granted based on granular policies that take the least-privilege approach. For many reasons, and for most operating scenarios, ZTNA solutions makes more sense, going forward, than legacy VPN systems, Holmes told me. But that doesn’t mean VPN obsolescence is inevitable. To learn more, please give the accompanying Last Watchdog Fireside Chat podcast a listen.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

GUEST ESSAY: The many benefits of infusing application security during software ‘runtime’

By Pravin Madhani

Vulnerabilities in web applications are the leading cause of high-profile breaches.

Related: Log4J’s big lesson Log4j, a widely publicized zero day vulnerability, was first identified in late 2021, yet security teams are still racing to patch and protect their enterprise apps and services.  This notorious incident highlights the security risks associated with open-source software, and the challenges of protecting web applications against zero day attacks.

To improve web application security, there are basic steps an organization should take:

•Security test earlier in the development cycle

•Make sure that software and operating systems are kept up to date and patched

•Utilize a multi-layered, defense-in-depth approach.

However, the most significant protection against zero day and other attacks comes from using security technologies that sit very close to how your application works.