Q&A: Why you should think twice about taking your laptop, smartphone on business travel

By Byron V. Acohido

International business travelers take heed: Starting now, and even more so going forward, you’ll need to carefully consider how your computing devices serve as a conduit to sensitive company data.

This includes everything stored directly on your smartphones and laptops—and everything reachable from your personal computing devices that may be stored in the internet cloud.

Electronic media searches by government authorities already were on a steeply rising curve due to terrorist threats. For instance, digital device searches at U.S. border crossings rose to 23,877 in 2016 vs. just 4,764 in 2015.

Related article: Snowden expounds on government surveillance at Privacy XChange Forum

Then in early March, President Trump issued an executive order signaling that travelers entering the United States—including attorneys with cloud access to client information—could have their digital devices subjected to search without a warrant.

ThirdCertainty asked two attorneys who follow international privacy issues closely to put this development into context. Here is what Edward J. McAndrew, partner and co-chair of Ballard Spahr’s privacy and data security group, and Daniel B. Garrie, executive managing partner at Law & Forensics, had to share:

LW: What are the main drivers of the dramatic spike in electronic media searches at U.S. border crossings?

Garrie: Most likely a directive from President Obama (prior to 2017), as well as a general increase in the number of electronic devices that people are carrying with them. Border agents have the legal right to search physical luggage, and that right has been expanded to digital luggage as well. Electronic media carries a treasure trove of information about the traveler, and can be far more informative to search.

McAndrew: There had to have been a change in policy within the government. We’re talking about efforts to secure the borders against terrorism threats, and about child exploitation and all manner of crime. These digital devices are incredible repositories of information, not only about the individuals who carry them, but … more

PODCAST: How built-in application security can improve network security

By Byron V. Acohido

There was a time 15 years ago when we fully expected the latest, coolest software to come riddled with aggravating bugs. Consumers were trained to expect that the software vendor would fix the glitches in version 1.1 or 1.2.

Software developers today remain under more pressure than ever to rush to market with the coolest functionalities. But those that do so create fresh vulnerabilities that cyber criminals pounce on to breach business networks and cause other havoc.

Factor in the ongoing shift into cloud computing and the rapid expansion of the Internet of Things, and the problem of loosely written software takes on profound significance—to the point of putting political systems, and even human lives, at risk.

The good news is that there is a rising field of cybersecurity, referred to as “application security,” that has come on to promote a pattern of putting more forethought into developing new software with security built in from the ground up.

Silicon Valley-based software company Synopsys has jumped with both feet into the application security field. With 10,000-plus employees and $2.4 billion in annual revenue, Synopsys is the U.S. software giant most folks have never heard of.

The company got started in 1986, spun out of General Electric’s research branch. It then proceeded to help pioneer the software tools used for designing the integrated circuits and circuit boards at the core of digital commerce as we know it today.

Now Synopsys is staking out turf in the burgeoning cybersecurity market. It recently formed a business unit, called the Software Integrity Group, by acquiring a string of companies doing work in application security—the pursuit of embedding security features as early as possible in the development of business software, even down to the chip level.

Synopsys’ buying binge toward this end has included Coverity, Codenomicon, Seeker, Protecode and, most recently, Cigital and Codiscope. At RSA 2017, I had the … more

VIDEO: How CIA cyberweapons are increasingly being used to hack banks, credit unions

By Byron V. Acohido

When WikiLeaks released details about the CIA’s arsenal of hacking tools last month, it was like Christmas arrived early for hackers who specialize in cracking into the business networks of financial services companies.

Mandiant, the forensics division of malware detection vendor FireEye, affirmed as much in its M-Trends 2017 report, issued shortly thereafter. The Mandiant report disclosed how cyber criminals have quickly embraced CIA-type tools to juice up their banking system attacks.

I spoke to Bob Thibodeaux, chief information security officer, at Seattle-based DefenseStorm, about this. DefenseStorm provides a security service for community banks and credit unions that monitors network traffic—specifically event log data—for malicious activities.

“What we are seeing with the leak of the CIA’s attack tools is that cyber criminal elements are actually taking advantage of the knowledge of those tools for their attacks,” Thibodeaux told me. “We are seeing them actually using the kinds of tactics that the government actors are using to exploit financial firms, specifically.”

These cutting-edge attacks are showing up in banking systems in southeast Asia, according to Mandiant. But it may be only a matter of time before use of similar tactics, leveraging the CIA leak, spreads to banks in other regions. “The attackers are using tools that Windows system administrators would use to actually stay on the network, monitor traffic, figure out how the banking process works, and then steal tens to hundreds to millions of dollars,” Thibodeaux says.

Community banks and credit unions in the United States are likely to be targeted because they are less well-defended than the big multinational banks.

It is all too typical for a small bank or credit union to rely on basic network defense systems, even though malicious probes and communications with criminal command-and-control servers are nonstop.

Unfortunately, it’s not going to get any easier for smaller banks and credit unions to play catch-up, much less neutralize cyber attacks over … more

PODCAST: A tour of the dark reaches of the Darknet

By Byron V. Acohido

The Darknet is a vast part of the internet where most ordinary citizens will never tread. Google, Bing and DuckDuckGo do not keep track of anything in the Darknet. Its web locations can only be reached if you’re versed in using nonstandard communications protocols.

With this in mind, I attended a talk by Andrew Lewman, chief revenue officer of Farsight Security, at RSA 2017 in San Francisco. The title of his talk: “Tracking Darknet: A Window into Attackers’ Motives, Methods and Targets.” A few eye-opening takeaways:

• Follow the money. The Darknet is where the cyber underground convenes. Network breaches now cause a phenomenal $600 billion in damages annually, a level of crime intensifying at a rate that will drive corporate losses to $2.5 trillion by 2020, according to British consultancy Juniper Research. The Darknet functions as the commons where all of the intricate horse trading underlying the complex, amazingly efficient cyber crime economy takes place.

• It takes a village. Want to hack a high visibility target? Head to the Darknet forums. It won’t take you long to find parties knowledgeable about the systems your target uses, and, more importantly, the unpatched vulnerabilities therein waiting to be exploited. You can then shop for malware that will get you inside, and help you stealthily copy and exfiltrate entire databases. Now you need to market what you stole. One tried and true way is to post a sample of the stolen data on a Darknet location monitored by hacktivists and reporters. Voila, your breach hits the headlines. Expect purchase queries to follow via the forums.

• Cashing in. Bitcoin is the Darknet’s virtual currency of choice. But it’s hard to pay the mortgage or buy a Tesla with Bitcoin. What’s more, U.S. and European anti-laundering laws can snare you at legitimate exchanges. Luckily, on the Darknet, fake passports are readily available, with Bitcoin accepted for payment. It’s simple to set up an … more

Q&A: The caring, feeding and replenishing of modern-day botnets

By Byron V. Acohido

Part of the reason cyber attacks remain unstoppable is because our own computing devices help supply the bad guys’ processing power—as part of botnets.

A bot is a computing node with a small bit of code that causes it to obey instructions from a command-and-control server. A botnet is a network of thousands upon thousands of bots under the control of an attacker.

Related video: What you should know about battling botnets

Bots actually derive from two primary sources. The classic source — so-called “pwned” PCs. Infections lurk everywhere: in email-borne attachments and web links; in social media postings; on popular and obscure web pages. A pwned PC operates normally for the unwitting user, though he or she may notice performance lags when it is silently carrying out the botnet operator’s commands.

Just in the past couple of years a secondary source has arisen: virtual instances of computing devices stood up by the thousands by tapping into public cloud services, namely Amazon Web Services, Microsoft Azure and Google Cloud. Criminals can set up these instances of virtual bots very stealthily — and very cost effectively — thus boosting the horsepower of their botnets, on the cheap.

Botnets are continually replenished. The care, feeding and deployment of botnets have grown into a multibillion-dollar criminal enterprise. Criminal rings use botnets to spread spam, distribute phishing scams, launch denial of service attacks, infiltrate and plunder networks, execute wire fraud and more. Botnets are the engine of cyber crime.

ThirdCertainty recently asked Rami Essaid, CEO of Distil Networks, about the current state of botnet activities. Distil is in the vanguard of security start-ups focused on monitoring and deterring botnet traffic. This text has been edited for clarity and length.

3C: Distil is focused on detecting bots operating in browsers. Can you tell us about that?

Essaid: Bots have gotten to be a lot more sophisticated. Instead of just being a script on … more

How a simple phishing trick snared Clinton staffer John Podesta

By Bob Sullivan

A simple, decade-old trick likely led to the hacking of critical Hillary Clinton staff members. If John Podesta can fall for it, with the presidential election at stake, so can you. So listen up.

I know I sound like a broken record when I warn people to think before they click, and I know most people think they’ll never fall for silly hacker tricks, but hey, this stuff is important. It very well might have an impact on who gets to be the leader of the free world.

Related video: Anatomy of a “CEO fraud” phishing caper

Information continues to trickle out of hacked emails that come from senior officials in Clinton’s campaign team, including campaign chairman John Podesta. This week brought additional evidence describing how it happened. It was pretty easy.

The Clinton campaign has not commented on reports that part of the email threads released last Friday by WikiLeaks includes discussion about a phishing campaign aimed at Podesta.

It appears that Podesta, and hundreds of other Clinton camp workers, received targeted phishing emails telling them they had to change their password immediately. Of course, workers who fell for the email were led to a look-alike page controlled by hackers.

Part of the reason the dupe worked involved links that used URL-shortening service Bitly, which turns long web addresses into short ones for convenience. Bitly also has the terrible quality of completely obscuring where the clicker is actually going until it’s too late.

For years, I’ve thought this to be a security flaw inherent in link shorteners, and I believe Bitly and other URL shorteners needed to engineer a fix.

In the meantime, you need to know three critical things:

• Bitly links can’t be trusted. Never click on a Bitly link when anything even remotely sensitive is involved.

• Any plea to urgently change your password should be met with serious skepticism. When you decide to do so, always manually … more

Ransomware rampage takes aim at business targets

By Byron V. Acohido

Consumers are no longer the prime target of ransomware campaigns. After years of petty thievery on a global scale – locking up the computer screens of millions of consumers with scams to sell bogus $79 antivirus clean-up services – the criminals behind them have turned their attention to much bigger fish.

The opening quarter of this year saw a 7 percent rise in registration of websites set up exclusively to host ransomware campaigns, according to the Infoblox DNS Threat Index.

That surge is a clear indicator of a shift to “industrial-scale, big-money attacks on all sizes and manner of organizations, including major enterprises,” says Rod Rasmussen, Vice President of Cybersecurity at Infoblox.

A new report issued last month by Solutionary shows that the healthcare industry accounted for 88 percent of ransomware detections in Q2 of this year. Education (6 percent) and financial institutions (4 percent) were also targeted.

“Healthcare organizations use an abundance of systems and devices that are crucial pivot-points for an attacker,” notes Rob Kraus, director of Solutionary’s Security Engineering Research Team.

Hospitals in the United States and Europe have been locked out of their data and forced to pay tens of thousands of dollars to recover their data. This wave of successful cyber extortion has encouraged malicious hackers to begin targeting other organizations that supply critical services.

Compelling efficacy

Liviu Arsene, Senior E-Threat Analyst at Bitdefender, says it’s clear the bad guys recognize how lucrative ransomware attacks against businesses can be. He expects these cyber extortionists to continue taking full advantage of organizations that make themselves easy targets.

“Cybercriminals could even try extorting the same victim more than once,” Arsene says. “Probably the most likely targets will be small and medium-sized businesses that work with large organizations, as they’re less likely to invest a great deal in cybersecurity.”

From the criminal perspective, the efficacy of ransomware attacks against businesses is compelling. Instead of stealing data and having … more