Implement Vulnerability Lifecycle Management Now Or Face The Consequences – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver

 

The following headline hit the news on September 7, 2017:

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Debacles

If you like your job, value your role, and want to keep it, then don't leave the door open to adversaries. A major data breach frequently begins with an unpatched vulnerability that is readily exploitable. Then the inevitable happens: the attackers are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and outside counsel rack up billable hours, regulators descend, lawsuits are filed, and you have "some serious 'splainin' to do"!

We are not sure whether the chief 'splainer in the current Equifax debacle will survive, as he is still in 'splainin' mode, asserting that the breach started with the exploitation of an application vulnerability.

In such cases the usual conga line of resignations runs CISO first, then CIO, then CEO, followed by a board of directors shakeup (particularly the audit and corporate responsibility committees). Do not let this happen to your career!

Steps to Take Immediately

There are some common-sense steps to take to prevent the otherwise inevitable breach catastrophe arising from unpatched vulnerabilities:

Take inventory – Inventory all data and system assets, and map your network topology, attached devices, and open ports. Know your network and its segmentation: what devices are connected, what those devices are running, what vulnerabilities those systems and applications expose, what data assets they can reach, how sensitive those assets are, what defenses are layered around them, and exactly what controls are in place along every potential access path.

Simplify and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and trimming the number and complexity of subsystems across your business. Anything too complex to manage is too complex to secure. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and audit – Periodic audits are necessary but not sufficient. Continuously monitor, track, and assess all relevant security events and exposed vulnerabilities. Have visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gap in your security event visibility is an adversary free-fire zone. Establish key performance metrics, track them ruthlessly, and drive for relentless improvement.

Do not accept operational excuses for inadequate security – There are always secure and effective operational policies, but they may not be pain-free. Not suffering a disastrous data breach sits far down the organizational pain scale from the alternative. Operational expedience, legacy systems, or misaligned priorities are not valid excuses for tolerating poor cyber practices in an intensifying threat environment. Lay down the law.
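The steps above (inventory, exposure tracking, and relentless metrics) can be reduced to a small piece of tooling. The following is an added example, not code from the original post or from Ziften: it joins a constructed asset inventory against constructed advisories (the product names, advisory IDs, SLA tiers and port allow-list are all assumptions for the illustration), ranks each exposure by severity, data sensitivity and internet reachability, flags fixes that have exceeded their remediation deadline, and runs an inventory check for internet-facing hosts listening on unexpected ports. Note the numeric version comparison: as strings, "2.3.5" sorts after "2.3.32", which is exactly the kind of mistake that leaves a host reported as patched when it is not.

```python
"""Minimal vulnerability-lifecycle tracker: join an asset inventory against
published advisories, rank exposed assets by data sensitivity and reachability,
and flag fixes that have blown through their remediation deadline.  Added
example with constructed inventory and advisory data; not Ziften code."""
from dataclasses import dataclass, field
from datetime import date


def parse_version(text):
    """'2.3.5' -> (2, 3, 5).  Compare numerically: as strings, '2.3.5' sorts after '2.3.32'."""
    return tuple(int(part) for part in text.split("."))


@dataclass
class Advisory:
    ident: str        # placeholder advisory ID for the example, not a real CVE number
    product: str
    fixed_in: str     # first version that carries the fix
    cvss: float
    published: date


@dataclass
class Asset:
    host: str
    product: str
    version: str
    sensitivity: int          # 1 = public data ... 4 = regulated customer PII
    internet_facing: bool
    open_ports: list = field(default_factory=list)


# Remediation deadline in days per sensitivity tier (policy values assumed for the example)
SLA_DAYS = {4: 7, 3: 14, 2: 30, 1: 90}
# Ports an internet-facing host is allowed to expose (assumed policy)
ALLOWED_EDGE_PORTS = {80, 443}


def is_exposed(asset, adv):
    return asset.product == adv.product and parse_version(asset.version) < parse_version(adv.fixed_in)


def risk_score(asset, adv):
    """Severity x data sensitivity, doubled when the host is reachable from the internet."""
    return adv.cvss * asset.sensitivity * (2 if asset.internet_facing else 1)


def triage(assets, advisories, today):
    """Every (asset, advisory) exposure with its age against the SLA, highest risk first."""
    findings = []
    for asset in assets:
        for adv in advisories:
            if not is_exposed(asset, adv):
                continue
            age = (today - adv.published).days
            sla = SLA_DAYS[asset.sensitivity]
            findings.append({"host": asset.host, "advisory": adv.ident, "version": asset.version,
                             "fixed_in": adv.fixed_in, "score": risk_score(asset, adv),
                             "age_days": age, "sla_days": sla, "overdue": age > sla})
    findings.sort(key=lambda f: (-f["score"], -f["age_days"]))
    return findings


def overdue_hosts(findings):
    return [f["host"] for f in findings if f["overdue"]]


def unexpected_edge_ports(assets, allowed=ALLOWED_EDGE_PORTS):
    """Inventory check: internet-facing hosts listening on ports outside the allow-list."""
    return [(a.host, p) for a in assets if a.internet_facing
            for p in sorted(a.open_ports) if p not in allowed]


# Constructed sample data: product names and advisory IDs are placeholders
ASSETS = [
    Asset("web01", "acme-webframework", "2.3.31", sensitivity=4, internet_facing=True, open_ports=[443, 8080]),
    Asset("web02", "acme-webframework", "2.3.33", sensitivity=4, internet_facing=True, open_ports=[443]),
    Asset("db01", "acme-db", "10.1.0", sensitivity=4, internet_facing=False, open_ports=[5432]),
    Asset("kiosk07", "acme-webframework", "2.3.5", sensitivity=1, internet_facing=False, open_ports=[8080]),
]
ADVISORIES = [
    Advisory("ADV-2017-001", "acme-webframework", "2.3.32", cvss=10.0, published=date(2017, 3, 6)),
    Advisory("ADV-2017-002", "acme-db", "10.1.3", cvss=7.5, published=date(2017, 5, 1)),
]
TODAY = date(2017, 5, 20)

if __name__ == "__main__":
    for f in triage(ASSETS, ADVISORIES, TODAY):
        state = "OVERDUE" if f["overdue"] else "within SLA"
        print(f"{f['host']:8} {f['advisory']} {f['version']} -> {f['fixed_in']} "
              f"score={f['score']:.0f} age={f['age_days']}d sla={f['sla_days']}d {state}")
    print("unexpected edge ports:", unexpected_edge_ports(ASSETS))
```

In the sample, the internet-facing web01 has been exposed to a critical advisory for 75 days against a 7-day SLA and also exposes port 8080, so it tops the list; the low-sensitivity kiosk running the same old version is exposed but still inside its 90-day window. Feed real inventory and advisory feeds into the same two functions and the metrics to track ruthlessly (overdue count, mean age of exposure, unexpected listeners) fall out directly.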

Take Action Now After The Security Incident At Equifax – Charles Leaver

Written By Michael Levin And Presented By Charles Leaver

 

Equifax, one of the three major U.S. credit reporting agencies, has just disclosed a major data breach in which cyber criminals stole sensitive information on 143 million American consumers.

Ways the Equifax security breach WILL affect you:

– Personally – Your and your family's identity information is now known to hackers and will be targeted!

– Business – Your companies could be affected and targeted.

– Nationally – Terrorists, nation states, and organized crime groups could be involved, or could use this data to commit cybercrime for financial gain.

Protecting yourself is not complicated!

Five suggestions to protect yourself right away:

– Sign up for a credit monitoring service and/or freeze or lock your credit. The quickest way to be notified that your credit has been compromised is through a credit monitoring service. Equifax has already begun the process of offering free credit monitoring to those affected. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all bank accounts. Make sure notifications are turned on, so that you receive immediate text and email alerts for any changes to your account, unusual balances, or transactions.

– Protect your bank and financial accounts by making sure two-factor authentication is turned on for all of them. Learn about two-factor authentication and enable it on every financial account that offers it.

– Phishing emails can be your biggest day-to-day risk! Take your time when dealing with email. Stop automatically clicking every link and attachment you receive. Instead of clicking links and attachments in email, navigate to the site independently, outside the message. When you get an email you were not expecting from a name you recognize, consider contacting the sender separately before you click on links or open attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use a different password for each account.

Other Security Thoughts:

– Back up all computers and update operating systems and software applications regularly.

– Social media security – Sharing too much information on social media increases the risk that you will be victimized. For example, telling the world you are on vacation, complete with photos, raises the risk that your home will be burgled.

– Protect your devices – Don't leave your laptop, phone, or tablet unattended even for a moment. Don't leave anything in your car that you don't want stolen, because it's only a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and exactly what information you are sharing. Check the security settings on every device, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help reduce risk. Understanding new crimes and scams in the news is a fundamental part of security awareness training. Making sure that employees, friends, and family are aware of this scam will significantly reduce the likelihood that you will be victimized.

– Sharing new frauds and crimes you learn about in the news with others is essential to ensure that the people you care about do not fall victim to these types of crimes.

Generic Is Limited Extensible Is Limitless – Charles Leaver

Written By Charles Leaver Ziften CEO

 

Whether you call them extensions or customizations, the best technology platforms can be tailored to fit a company's specific business needs. Generic operations tools are fine at performing generic operations tasks. Generic security tools are fine at addressing generic security challenges. Generic can only take you so far, though, and that's where extensibility steps in.

Extensibility comes up often when I'm talking to customers and prospects, and I'm proud that a Global 10 company chose Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply customize platforms is a requirement.

This isn't about simply building custom reports or custom alerts. Let's be honest: the ability to create reports is baseline functionality in most IT operations and security management tools. True extensibility goes deep into the solution to give it capabilities that solve real problems for the business.

One customer used many mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That's not a standard feature of Zenith, because our low-footprint agent doesn't hook into the operating system kernel or work through standard device drivers. However, we worked with the customer to extend Zenith with that capability, and it turned out to be easier than anyone imagined.

Another customer looked at the standard set of endpoint data that the agent collects, and wanted to add extra data fields. They also wanted to configure the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security solution could provide a way to add that functionality; Ziften could.

What's more, the customer built those extensions themselves, and owns the code and intellectual property. It is part of their own secret sauce, their own business differentiator, unique to their organization. They couldn't be happier. And neither could we.

With many other IT operations and security systems, if customers want extra features or capabilities, the only option is to submit a future feature request and hope it appears in an upcoming version of the product. Until then, too bad.

That's not how we designed our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn't based on kernel hooks or device drivers, we can enable significant extensibility, and open that extensibility up for customers to access directly.

Similarly, our administrative consoles and back-end monitoring systems are fully customizable. That was built in right from the beginning.

Another area of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, task orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

In the world of endpoint monitoring and management, extensions are increasingly where it's at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their specific requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your customization requirements, and let's see what we can do.

You Can See Our Endpoint Security Architecture In This Video – Charles Leaver

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver

 

Endpoint security is all the rage these days, and there are many different vendors out there touting their solutions in this market. But it's sometimes difficult to understand exactly what each vendor offers. What's even more difficult is understanding how each vendor's solution is architected to deliver those services.

I believe that the back-end architecture of whatever you choose can have a profound impact on the future scalability of your deployment, and it can create a lot of unforeseen work and cost if you're not careful.

So, in the spirit of openness, and because we believe our architecture is different, unique, and powerful, we invite all endpoint security vendors to "show us your architecture".

I'll get the ball rolling in the following video, where I walk through the Ziften architecture and a couple of what I consider legacy architectures for comparison. Specifically, I'll discuss:

– Ziften's architecture, built on next-generation cloud principles.
– One vendor's peer-to-peer "mish-mash" architecture.
– Legacy hub-spoke-hub architectures.

I've shown you the power of our truly cloud-based platform. Now it's my competitors' turn. What are you waiting for, folks? Show us your architectures!

Offense And Defense For Managing Security And Risk – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO

 

Risk management and security management have long been handled as separate functions, typically performed by different functional teams within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. The discussion is especially timely given the continued difficulty most enterprises have in attracting and retaining skilled security personnel to manage and protect IT infrastructure. Unifying the two activities can help make better use of these critical people, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the domain of IT operations teams. Often referred to as "systems management", IT operations teams proactively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to mitigate potential risks before they are exploited. Risk-reducing activities performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage monitoring, and license reconciliation

Mergers and acquisition (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive help desk or systems analysis and issue response/repair

On the other side of the field, security management is viewed as a defensive strategy, and is generally the domain of security operations teams. These security operations teams are typically responsible for threat detection, incident response, and resolution. The goal is to react to a threat or a breach as quickly as possible in order to minimize impact on the organization. Activities that fall squarely under security management and are carried out by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Look-back forensic investigations and root cause determination

Tracing lateral threat movement, and further threat elimination

Data exfiltration identification

Successful organizations, of course, need to play both offense AND defense equally well. This need is driving organizations to recognize that IT operations and security operations have to be as aligned as possible. Hence, as much as possible, it helps if these two teams play from the same playbook, or at least work from the same data or single source of truth. This means both groups should aim to use some of the same analytic and data collection tools and methodologies when it comes to managing and protecting their endpoint systems. And if organizations rely on the same personnel for both jobs, it certainly helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization's intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what frequently keeps CIOs and CISOs up at night. Organizations need to recognize opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most pressing need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an "always-on" visibility and control model that enables continuous risk assessment, continuous threat monitoring, and continuous performance management.

Thus, organizations should look for these three key capabilities when evaluating new endpoint security systems:

Solutions that provide "always-on" visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool ecosystems to provide even greater value for both IT and security teams.

What We Took From Black Hat And Defcon This Year – Charles Leaver

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver

 

Here are my experiences from Black Hat 2017. There is a slight change in approach to this year's synopsis, in large part due to the theme of the opening keynote given by Facebook's Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community's efforts on working better together and diversifying security solutions.

"Working better together" seems an oxymoron when looking at the intense competition among the hundreds of security companies vying for customers throughout Black Hat. Based on Stamos's message during the opening keynote this year, I felt it important to add some of my experiences from Defcon as well. Defcon has historically been an event for learning, and includes independent hackers and security professionals. Last week's Black Hat theme focused on the social element of how companies need to get along and genuinely help others and one another, which has always been the overarching message of Defcon.

People checked in from all over the world last week:

Jeff Moss, aka 'Dark Tangent', the founder of Black Hat and Defcon, also wants that to be the theme: where you strive to help people gain knowledge and learn from others. Moss wants attendees to remain 'nice' and 'helpful' throughout the conference. That is in line with what Alex Stamos from Facebook conveyed in his presentation about security companies. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another relevant point: are we doing enough in the security industry to genuinely help people, rather than just doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate uniformity of Black Hat (from the vendor hall to the presentations) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by sporting prior-year Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight the corrupt is something most attendees from around the world embrace, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why sell or rely on a solution that is limited to only what's inside the box, one that offers a single or a handful of specific features? Our software is a platform for integration and provides modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to develop new, customized features and forensic tools where traditional security companies would shy away or simply remain consumed by daily tasks.

Providing always-on visibility and control for any asset, anywhere, is one of Ziften's main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly repair endpoint issues, reduce overall risk posture, speed threat response, and improve operational efficiency. Ziften's secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security service providers. And in keeping with 2017's Black Hat theme of working together, Ziften's partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press, and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon's red-shirted staff) were at a dead stop for a solid twenty minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something notable to garner attention around particular vulnerabilities. All vulnerabilities for most of the talks, and particularly this village, had already been disclosed to the appropriate authorities before the event. Let us know if you need help locking down one of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, Google and Twitter APIs are easily and openly available to query user data metrics. This data is making it easier for hackers to social engineer focused attacks on people, and particularly on persons of power and rank, like judges and executives. The presentation entitled "Dark Data" showed how a simple yet brilliant de-anonymization algorithm and some data allowed these two white hats to identify people with extreme accuracy and reveal very personal information about them. This should make you think twice about what is installed on your systems and on those of the people in your workplace. Most of the raw metadata was collected through a popular browser add-on; the fine tuning came from the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
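Knowing which browser add-ons are installed, and what each one is allowed to see, is the concrete check behind that question. The following is an added example, not code from the original post or from Ziften: it audits constructed extension manifests (Chromium-family browsers keep one manifest.json per extension under the profile's Extensions directory, which is where a real collector would read them; the host names, extension names and 32-letter IDs here are placeholders) against an assumed list of high-risk permissions, ranks the findings, and counts on how many hosts each add-on appears, since a one-off install of something with history and all-URL access is the first thing to look at.

```python
"""Audit the browser add-ons present on managed hosts by the permissions
their manifest.json declares.  Added example with constructed manifests;
not Ziften code.  Chromium-family browsers keep one manifest per extension
under <profile>/Extensions/<id>/<version>/manifest.json, so a collector
would read those files; here the manifests are embedded as JSON text."""
import json
from collections import Counter

# Permissions that let an add-on observe or alter what the user browses
# (assumption: a starting point for a policy, not an exhaustive list)
HIGH_RISK = {"<all_urls>", "webRequest", "webRequestBlocking", "history",
             "tabs", "cookies", "clipboardRead", "nativeMessaging", "debugger"}


def is_broad_host(pattern):
    """'<all_urls>' or any scheme://*/* match pattern covers every site."""
    return pattern == "<all_urls>" or pattern.endswith("://*/*")


def risky_permissions(manifest):
    """Sorted subset of declared permissions that are high risk.
    Manifest V3 moved host patterns into 'host_permissions'; V2 kept them in 'permissions'."""
    declared = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    return sorted(p for p in declared if p in HIGH_RISK or is_broad_host(p))


def audit(profiles):
    """profiles: {host: {extension_id: manifest}} -> findings ranked by number of risky permissions."""
    findings = []
    for host, extensions in profiles.items():
        for ext_id, manifest in extensions.items():
            risky = risky_permissions(manifest)
            if risky:
                findings.append({"host": host, "ext_id": ext_id, "name": manifest.get("name", "?"),
                                 "version": manifest.get("version", "?"), "risky": risky})
    findings.sort(key=lambda f: (-len(f["risky"]), f["host"], f["ext_id"]))
    return findings


def prevalence(profiles):
    """How many hosts carry each extension; a one-off install of a data collector stands out."""
    return Counter(ext_id for exts in profiles.values() for ext_id in exts)


# Constructed sample: two hosts, three add-ons.  Extension IDs are placeholders
# in Chrome's 32-letter [a-p] format, not real store IDs.
SAMPLE_PROFILES_JSON = r"""
{
  "judge-laptop": {
    "abcdefghijklmnopabcdefghijklmnop": {"name": "PageMeter", "version": "1.4", "manifest_version": 3,
      "permissions": ["tabs", "history", "webRequest", "storage"], "host_permissions": ["<all_urls>"]},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"name": "Dark Theme", "version": "2.0", "manifest_version": 3,
      "permissions": ["storage"]}
  },
  "analyst-desk": {
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"name": "Dark Theme", "version": "2.0", "manifest_version": 3,
      "permissions": ["storage"]},
    "cccccccccccccccccccccccccccccccc": {"name": "Coupon Helper", "version": "0.9", "manifest_version": 2,
      "permissions": ["cookies", "*://*/*", "storage"]}
  }
}
"""
PROFILES = json.loads(SAMPLE_PROFILES_JSON)

if __name__ == "__main__":
    counts = prevalence(PROFILES)
    for f in audit(PROFILES):
        print(f"{f['host']:14} {f['name']} {f['version']} on {counts[f['ext_id']]} host(s): "
              f"{', '.join(f['risky'])}")
```

The add-on that declares tabs, history, webRequest and all-URL host access on a single sensitive host is exactly the profile of the metadata collector described in the talk, while the theme extension with only storage access drops out of the report entirely. The same audit applies to Firefox (manifest.json lives inside each .xpi) with the permission list adjusted for that browser.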

This presentation was plainly about exploiting point-of-sale systems. Although quite funny, it was a tad frightening how quickly one of the most commonly used POS systems can be hacked. This particular POS hardware is most commonly used when paying in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card details entirely up to the hardware vendor? If you want additional protection for your POS systems, then look no further than Ziften. We protect the most commonly used enterprise operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This speaker's slides were off-the-charts excellent. What wasn't excellent was how exploitable macOS is during the installation process of common applications. Typically, every time you install an application on a Mac, it asks you to grant elevated privileges. But what if something were to subtly modify code a moment before you enter your administrator credentials? Well, most of the time, probably something not good. Worried about your Macs running malware smart enough to detect and modify code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.

We help you without replacing your entire toolset, although we often find ourselves doing just that. Our goal is to leverage the recommendations and existing tools that work from numerous vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos's keynote
– Jeff Moss's message
– Visitors from around the globe collaborating
– Black Hat should preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nicely with other software vendors

3) Recent high-profile vulnerabilities Ziften can help prevent and resolve

– Point-of-sale hacking
– Voting machine tampering
– Escalating macOS privileges
– Targeted attacks on individuals

Now Vulnerabilities In Subtitle Packages For Movie Apps Have Been Found – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO

 

Do you like watching movies with popular apps like Kodi, SmartTV, or VLC on your devices? How about needing or wanting subtitles for those movies, and just grabbing the latest pack from OpenSubtitles? No problem; sounds like a nice evening at home. Problem is, according to research by Check Point, you could be in for a nasty surprise.

For attackers to take control of your 'realm', they need a vector, some way to get into your system. There are some common methods in use today, such as clever (and not so clever) social engineering techniques: receiving emails that appear to come from friends or co-workers but were spoofed, opening an attachment, or visiting some website, and if the stars aligned, you were pwned. Usually the star-alignment part is not that hard; it only requires that you have some vulnerable software running that can be reached.

Since the trick is getting users to cooperate, the target audience can often be hard to find. But with this latest research, several of the major media players have a distinct vulnerability when it comes to fetching and decoding subtitle packs. The four major media players named in the article are patched to date, but as we have seen in the past (just look at the recent SMBv1 vulnerability problem), just because a fix is available doesn't mean that users are updating. The researchers have also declined to publish the technical details of the vulnerability, to allow other vendors time to patch. That is a good sign and the correct approach I think researchers should take: inform the vendor so they can fix the problem, and also announce it publicly so 'we the people' are informed and know what to watch out for.

It's hard to keep up with the many ways you can get infected, but at least we have researchers who relentlessly try to 'break' things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in watching movies.

 

With Ziften Endpoint Products Integration With Your Existing Architecture Is Easy – Charles Leaver

Written By Roark Pollock And Presented By Ziften CEO Charles Leaver

 

Security professionals are by nature a cautious bunch. Caution is a trait most people probably bring into this industry given its mission, but it is also undoubtedly a quality acquired over time. Ironically this is true even when it comes to adding extra security controls to an already established security architecture. While one might assume that more security is better security, experience teaches us that's not always the case. There are many concerns associated with deploying a new security product, and one that usually shows up near the top of the list is how well the new product integrates with existing solutions.

Integration concerns come in a number of flavors. First, a new security control shouldn't break anything. But beyond that, new security products need to gracefully share threat intelligence, and act on threat intelligence collected across a company's entire security infrastructure. In other words, the new security tools need to work together with the existing ecosystem of tools such that "1 + 1 = 3". The last thing that most security and IT operations teams need is more siloed products and tools.

This is why, at Ziften, we have always focused on building and delivering a completely open visibility architecture. We believe that any new systems and security operations tools need to be built with improved visibility and information sharing as core design requirements. But this isn't a one-way street. Creating easy integrations requires technology partnerships between industry vendors. We consider it our responsibility to work with other technology companies to mutually integrate our products, thereby making it easy on customers. Unfortunately, many vendors still believe that integrating security solutions, especially new endpoint security solutions, is extremely difficult. I hear that concern constantly in customer conversations. But data is now emerging showing this isn't necessarily the case.

In recent survey work by NSS Labs on "advanced endpoint" products, they report that Global 2000 clients based in North America have been pleasantly surprised by how well these kinds of solutions integrate into their existing security architectures. According to the NSS report titled "Advanced Endpoint Protection – Market Analysis and Survey Results CY2016", which NSS subsequently presented in the BrightTalk webinar listed below, respondents who had already deployed advanced endpoint products were much more positive about their ability to integrate into established security architectures than were respondents still in the planning stages of purchasing these solutions.

Specifically, respondents who had already deployed advanced endpoint solutions rated integration with their established security architectures as follows:

● Excellent 5.3%
● Good 50.0%
● Average 31.6%
● Poor 13.2%
● (Horrible) 0.0%

Compare that to the more conservative responses from those still in the planning phase:

● Excellent 0.0%
● Good 39.3%
● Average 42.9%
● Poor 14.3%
● (Horrible) 3.6%

These responses are encouraging. Yes, as noted, security folks tend to be pessimists, but despite low expectations, respondents are reporting positive outcomes with respect to integration experiences. In fact, Ziften customers usually exhibit the same initial low expectations when we first discuss integrating Ziften solutions into their existing ecosystem of products. But in the end, customers are wowed by how simple it is to share information between Ziften solutions and their existing infrastructure.

These survey results will hopefully help ease concerns, as newer product adopters may read and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these products, which should help to reduce the natural caution of the broader mainstream.

Certainly, there is substantial differentiation between products in the space, and companies should continue to perform appropriate due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are solutions not just meeting the requirements of customers, but actually outperforming their initial expectations.

Petya Variant Flaw Is Real Trouble Unless You Are A Ziften Customer – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO

 

Another outbreak, another nightmare for those who were not prepared. While this newest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a great deal of trouble for anybody who encounters it. It may encrypt your data, or render the system completely inoperable. And now the e-mail address that you would be required to contact to "possibly" decrypt your files has been taken down, so you're out of luck getting your files back.

A lot of information on the behavior of this threat is publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw or its own kind of debug check that prevents the threat from ever executing on your system. It could still spread through the environment, but our protection would already be deployed to all existing systems to stop the damage.

Our Ziften extension platform allows our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that conduct various "checks" against the system before executing.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Even though they are legitimate processes, their use is typically uncommon and can be alerted on.
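One way to turn that search into a standing detection, as an added example that is not Ziften's code: scan process-creation telemetry for WMIC remote process creation and PsExec execution, and report the reason each event tripped. The telemetry records, field names, hosts and command lines are all constructed for the example.

```python
import re
from collections import namedtuple

ProcEvent = namedtuple("ProcEvent", "host user image cmdline")

# Constructed sample process-creation telemetry (not real captures); the fields
# mirror what an endpoint agent or Sysmon event ID 1 would record.
EVENTS = [
    ProcEvent("ws01", "jdoe", r"C:\Windows\System32\wbem\WMIC.exe",
              r'wmic /node:"10.0.0.7" /user:corp\admin process call create "cmd.exe /c <placeholder>"'),
    ProcEvent("ws01", "jdoe", r"C:\Windows\System32\wbem\WMIC.exe", "wmic os get caption"),
    ProcEvent("ws02", "svc_deploy", r"C:\Tools\PsExec.exe",
              r"PsExec.exe \\10.0.0.9 -accepteula -s cmd.exe"),
    ProcEvent("ws03", "asmith", r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]

WMIC_REMOTE = re.compile(r"/node:", re.IGNORECASE)                 # targets another host
WMIC_EXEC = re.compile(r"process\s+call\s+create", re.IGNORECASE)  # spawns a process via WMI
PSEXEC_NAME = re.compile(r"\\psexe(c|svc)(64)?\.exe$", re.IGNORECASE)
PSEXEC_TARGET = re.compile(r"\\\\[\w.\-]+")  # \\host or \\ip argument
PSEXEC_SYSTEM = re.compile(r"\s-s\b")        # asks to run as SYSTEM

def classify(ev):
    """Reasons this event is suspicious; an empty list means it is routine use."""
    reasons = []
    if ev.image.lower().endswith("\\wmic.exe") and WMIC_EXEC.search(ev.cmdline):
        where = "remote" if WMIC_REMOTE.search(ev.cmdline) else "local"
        reasons.append(f"wmic {where} process creation")
    if PSEXEC_NAME.search(ev.image):
        reasons.append("psexec execution")
        if PSEXEC_TARGET.search(ev.cmdline):
            reasons.append("psexec remote target")
        if PSEXEC_SYSTEM.search(ev.cmdline):
            reasons.append("psexec as SYSTEM")
    return reasons

def scan(events):
    """Return (host, user, reasons) for every event that trips at least one rule."""
    alerts = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            alerts.append((ev.host, ev.user, reasons))
    return alerts

if __name__ == "__main__":
    for host, user, reasons in scan(EVENTS):
        print(f"{host} {user}: {', '.join(reasons)}")
```

The plain `wmic os get caption` query is deliberately left unflagged, since alerting on every WMIC invocation would bury the remote process-creation case the text is concerned with.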

With WannaCry, and now NotPetya, we expect to see a continued rise in these types of attacks. The release of the recent NSA exploits has given eager cyber criminals the tools they need to push out their wares. And though ransomware threats can be a lucrative commodity vehicle, more damaging threats could be launched. It has always been "how" to get the threats to spread (worm-like, or via social engineering) that is most challenging for them.

UK Email Security Breach Highlights Design Insecurities – Charles Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver

 

In the online world the sheep get shorn, chumps get chewed, dupes get deceived, and pawns get pwned. We’ve seen another great example of this in the recent attack on the UK Parliament email system.

Rather than admit to an e-mail system that was insecure by design, the official declaration read:

Parliament has robust steps in place to safeguard all of our accounts and systems.

Tell us another one. The one protective measure we did see at work was blame deflection – the Russians did it, that always works, while blaming the victims for their policy violations. While details of the attack are limited, combing multiple sources does help to assemble at least the gross outlines. If these descriptions are reasonably close, the UK Parliament email system failings are atrocious.

What went wrong in this case?

Rely on single-factor authentication

“Password security” is an oxymoron – anything protected by a password alone is insecure, full stop, irrespective of the strength of the password. Please, no 2FA here, it might hinder attacks.

Do not enforce any limit on failed login attempts

Aided by single-factor authentication, this permits easy brute force attacks, no skill needed. But when breached, blame elite foreign hackers – nobody can verify it.

Do not perform brute force attack detection

Allow attackers to carry out (otherwise trivially detectable) brute force attacks for prolonged periods (12 hours against the UK Parliament system), maximizing the scope of account compromise.

Do not enforce policy; treat it as mere recommendations

Combined with single-factor authentication, no limit on failed logins, and no brute force attack detection, do not enforce any password strength validation either. Hand attackers the lowest of low-hanging fruit.
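What the missing lockout limit and the missing brute force detection look like side by side, as an added example that is not the article's or Parliament's code: a short-window failure count (what a lockout policy would have caught), a long-window count that exposes a low-and-slow attack spread over the 12 hours mentioned above, and a per-source distinct-account count that exposes password spraying. The log line format, account names and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_line(ts, result, user, src):
    return f"{ts:%Y-%m-%dT%H:%M:%S} {result} user={user} src={src}"

# Constructed sample log (not a real capture): a low-and-slow attack on one account
# (a failure every 10 min for 12 h), a 6-failure burst on another, a one-attempt-per-account
# spray across 30 accounts from one source, and a benign user who mistyped once.
_T0 = datetime(2017, 6, 23, 22, 0)
LOG = (
    [make_line(_T0 + timedelta(minutes=10 * i), "FAIL", "mp.smith", "203.0.113.5") for i in range(72)]
    + [make_line(_T0 + timedelta(seconds=30 * i), "FAIL", "j.brown", "203.0.113.77") for i in range(6)]
    + [make_line(_T0 + timedelta(minutes=3 * i), "FAIL", f"user{i:02d}", "198.51.100.9") for i in range(30)]
    + [make_line(_T0 + timedelta(hours=1), "OK", "a.jones", "192.0.2.10"),
       make_line(_T0 + timedelta(hours=2), "FAIL", "a.jones", "192.0.2.10")]
)

def parse(line):
    """Assumed line format: '<iso timestamp> <OK|FAIL> user=<name> src=<ip>'."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def max_in_window(times, window):
    """Largest number of sorted timestamps that fall inside any span of length `window`."""
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def detect(lines, burst_limit=5, burst_window=timedelta(minutes=15),
           slow_limit=20, slow_window=timedelta(hours=24), spray_accounts=10):
    """Accounts a lockout policy would lock, accounts under slow brute force, spraying sources."""
    fails_by_user, users_by_src = defaultdict(list), defaultdict(set)
    for ts, result, user, src in sorted(map(parse, lines)):
        if result == "FAIL":
            fails_by_user[user].append(ts)
            users_by_src[src].add(user)
    alerts = {"lockout": set(), "slow_brute_force": set(), "spray": set()}
    for user, times in fails_by_user.items():
        if max_in_window(times, burst_window) >= burst_limit:  # what a lockout limit catches
            alerts["lockout"].add(user)
        if max_in_window(times, slow_window) >= slow_limit:    # what a lockout limit alone misses
            alerts["slow_brute_force"].add(user)
    for src, users in users_by_src.items():
        if len(users) >= spray_accounts:
            alerts["spray"].add(src)
    return alerts
```

Running `detect(LOG)` locks only the burst account, while the slow attack and the spray show up only under the two longer-horizon rules, which is why a lockout limit without separate detection is not enough.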

Rely on unsigned, unencrypted e-mail for sensitive communications

If attackers succeed in compromising e-mail accounts or sniffing your network traffic, give them ample opportunity to score high-value message content entirely in the clear. This also conditions constituents to trust readily spoofable e-mail from Parliament, creating a perfect constituent phishing environment.

Lessons learned

In addition to adding “Common Sense for Dummies” to their summer reading lists, the UK Parliament e-mail system administrators might want to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely rethinking secure messaging are recommended actions. Penetration testing would have revealed these fundamental weaknesses while staying out of the news headlines.

Even a few bright high-schoolers with a free weekend could have replicated this attack. And finally, stop blaming the Russians for your own security failings. Assume that any weaknesses in your security architecture and policy framework will be found and exploited by some cyber criminals somewhere across the global internet. All the more incentive to find and fix those weaknesses before the hackers do, so get started immediately. And then, if your defenders still cannot see the attacks in progress, upgrade your monitoring and analytics.