
MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

By Byron V. Acohido

Would you back out of a driveway without first buckling up, checking the rear view mirror and glancing behind to double check that the way is clear?

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. Yet it’s my experience that most people don’t fully appreciate the profound risks they face online and all too many still do not practice simple behaviors that can dramatically reduce their chances of being victimized by malicious parties.

Related: Long run damage of 35-day government shutdown

Related: Why we’re in the ‘Golden Age’ of cyber espionage

The fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration.

This has become an engrained pattern in our modern digital world. A vivid illustration comes from Palo Alto Networks’ Unit 42 forensics team. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. This variant of Xbash is equipped to quietly uninstall any one of five popular types of cloud security protection and monitoring products used on such servers.

Targeting one device

The end game for this particular hacking ring is to install cryptocurrency mining routines on compromised Linux servers. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative.

To be sure, it’s not as if the good guys aren’t also innovating. Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 percent, according to tech consultancy Gartner. …

PODCAST: US cyber foes take cue from government shutdown; rise in malware deployment under way

By Byron V. Acohido

One profound consequence of Donald Trump’s shutdown of the federal government, now in day 33, is what a boon it is to US cyber adversaries. And moving forward, the long run ramifications are likely to be dire, indeed.

Related: Welcome to the ‘golden age’ of cyber espionage

With skeleton IT crews manning government networks, America’s adversaries — China, Russia, North Korea, Iran and others in Eastern Europe and the Middle East — have seized the opportunity to dramatically step up both development and deployment of sophisticated cyberweapons targeting federal systems, says Jeremy Samide, CEO of Stealthcare, supplier of a threat intelligence platform that tracks and predicts attack patterns.

For a full drill down on the stunning intelligence Samide shared with Last Watchdog, please listen to the accompanying podcast. In a nutshell, Trump’s government shutdown has lit a fire under nation-state backed cyber spies to accelerate the development and deployment of high-end cyberweapons designed to be slipped deep inside of hacked networks and stealthily exfiltrate sensitive data and/or remain at the ready to cripple control systems.

This spike in activity has been very methodical, Samide told Last Watchdog. Operatives are stepping up probes of vulnerable access points on the assumption that no one is guarding the playground, Samide says.  At the same time, they are also accelerating development of the latest iterations of weaponry of the class of Eternal Blue, the NSA’s top-shelf cyberweapon that was stolen, leaked and subsequently used to launch the highly invasive WannaCry and NotPetya worms.

The longer the Trump government shutdown continues, the more time US cyber adversaries will have to design and deploy heavily-cloaked malware — and embed this digital weaponry far and wide in federal business networks and in critical infrastructure systems, Samide says.

What’s more, the longer the government closure continues, the more likely it is that key IT staffers with cybersecurity experience will choose to move to the private sector where there is an acute skills shortage. …

GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

By Nimmy Reichenberg

The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed.

Related: Addressing the cyber skills gap

This does not mean the creative staffing solutions do not serve their purpose. Countless organizations have taken steps such as hiring IT professionals and setting up training programs to provide them with cybersecurity skills and tapping into local universities’ graduate pools. Those stopgap efforts have provided some relief but fall well short of filling in the ranks. The greatest challenge lies in hiring experienced security professionals, and those can’t be created overnight.

With no end to the cybersecurity talent shortage in sight, organizations are increasingly turning to automation as a means of “doing more with less”. One category of solutions that is quickly getting traction is Security Orchestration, Automation and Response (SOAR).

Nowhere is the skills shortage more prevalent than inside the SOC (security operations center), …

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

By Pravin Kothari

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise.

Related podcast: Evidence shows we’re in ‘Golden Age’ of cyber spying

The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October. News reports this week indicate internal documents, including details of arms procurement for the country’s next-generation fighter aircraft, were pilfered from at least 10 of the hacked computers.

The hackers reportedly manipulated server software and succeeded in siphoning records from connected workstations. Though South Korean officials stopped short of blaming North …

GUEST ESSAY: What your company should know about addressing Kubernetes security

By Gary Duan

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers.

Related podcast: Securing software containers

Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage.

As beneficial as Kubernetes is for orchestrating containerized environments, a maturing set of security best practices must be adhered to for enterprises to ensure that their applications and data are as safe as possible from emerging vulnerabilities and exploits.

The most dangerous attacks on container environments will execute a “kill chain” of events – not striking all at once but instead through a sequence of lateral moves within the dynamic container environment to ultimately take over containers, attack Kubernetes services, or gain unauthorized access.

Attackers are shaping their attacks to take advantage of recently discovered vulnerabilities and systems which have not yet been patched or equipped to counter efforts to exploit them. In addition, the discovery of malicious ‘backdoors’ hidden in popular Docker images is another cause for concern.

Three recent examples illustrate this seemingly endless stream of vulnerabilities that attackers can leverage in a containerized environment: the Dirty Cow exploit, the Linux Stack Clash vulnerability, and the even more recently discovered CVE-2018-1002105 vulnerability in Kubernetes. Here’s how each inflicts damage: …

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

By Byron V. Acohido

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints.

Related: California enacts pioneering privacy law

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network.

In recognition of the significant security risks privileged accounts can pose, industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management.

Last Watchdog asked Adam Bosnian, executive vice president at CyberArk – the company that pioneered the market – to put into context how much can be gained by prioritizing privilege in today’s dynamic, fast-evolving digital business landscape. Here are excerpts edited for clarity and length:

LW: Why is privileged access management so important?

Bosnian: Privileged access has become the fulcrum of the success or failure of advanced attacks. Nearly 100 percent of all advanced attacks involve the compromise of privileged credentials.

This is a mounting challenge for organizations because privileged accounts exist and ship in every single piece of technology, including servers, desktops, applications, databases, network devices and more. …

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

By Byron V. Acohido

The heyday of traditional corporate IT networks has come and gone.

In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars.

Related podcast: Why the golden age of cyber espionage is upon us

This coming wave of IoT networks, architected to carry out narrowly-focused tasks, will share much in common with the legacy operational technology, or OT, systems long deployed to run physical plants — such as Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Data Control System (DCS), and Programmable Logic Controller (PLC).

The global cybersecurity community is keenly aware of these developments and earnest discussions are underway about how to deal with the attendant security exposures. This includes a rising debate about the efficacy of the Common Vulnerability Scoring System, or CVSS.  Initially introduced in 2005, CVSS is a framework for rating the severity of security vulnerabilities in software.

Last Watchdog recently sat down with a couple of senior executives at Radiflow, a Tel Aviv-based supplier of cybersecurity solutions for ICS and SCADA networks, to get their perspective about how NIST and ICS-CERT, the two main organizations for disclosing and rating vulnerabilities, are sometimes not aligned. Radiflow currently is conducting this survey to collect feedback from IT and OT professionals about the ramifications of this conflict.

Radiflow expects to release its survey findings in late January. This is not just another arcane tussle among nerdy IT professionals. New vulnerabilities and exposures are part and parcel of accelerating the deployment of vast distributed systems, fed by billions of IoT sensors. And they must be fully addressed if digital commerce is to reach its full potential. Here are excerpts of my discussion about this with Radiflow’s CEO Ilan Barda and CTO Yehonatan Kfir, edited for clarity and length:

LW: As we move forward with digital transformation and the Internet of Things, is it becoming more urgent to think about how we protect OT systems?

Barda: Yes. The risks are growing for two reasons. One is the fact that there are more and more of these kinds of OT networks, …