hacker - Tagged - Security Boulevard, The Home of the Security Bloggers Network (feed updated Wed, 19 Jul 2023 20:22:51 +0000)

Attacker ID’ed After Infecting Own Computer With Malware https://securityboulevard.com/2023/07/attacker-ided-after-infecting-own-computer-with-malware/ Wed, 19 Jul 2023 20:22:51 +0000 https://securityboulevard.com/?p=1982053

A threat actor that goes by the name of “La_Citrix” inadvertently infected his own computer. Cyberthreat research firm sent his information on to law enforcement.

The post Attacker ID’ed After Infecting Own Computer With Malware appeared first on Security Boulevard.

How to Break Into a Cybersecurity Career – Phillip Wylie https://securityboulevard.com/2023/06/how-to-break-into-a-cybersecurity-career-phillip-wylie/ Mon, 12 Jun 2023 04:00:32 +0000 https://sharedsecurity.net/?p=101455 In this exciting episode of our podcast we have the pleasure of speaking with Phillip Wylie, a remarkable professional with a captivating career in cybersecurity. Join us as we discuss Phillip’s unique journey and uncover valuable insights on breaking into the cybersecurity field. From his origins as a professional wrestler who once bravely faced off […]

The post How to Break Into a Cybersecurity Career – Phillip Wylie appeared first on Shared Security Podcast.

The Legacy of The Hacker Manifesto https://securityboulevard.com/2023/05/the-legacy-of-the-hacker-manifesto/ Wed, 24 May 2023 15:40:56 +0000 https://www.spylogic.net/?p=883 I was 11 years young when The Hacker Manifesto was originally published in 1986 (yes, I’m that old). I had no idea about the manifesto at that age, but several years later I began tinkering with my first computer (an Apple IIe) and convinced my parents that I needed a separate phone line for a …


Smart Phone, Smart Watch, Smart Pay, Smart? https://securityboulevard.com/2022/09/smart-phone-smart-watch-smart-pay-smart/ Thu, 15 Sep 2022 23:35:06 +0000 https://medium.com/p/32d075065bcb


How safe is smart?

The idea of never needing to carry cash or debit cards looks pretty appealing, right? Never worry about someone trying to steal your traditional wallet and hard-earned cash, or about someone snatching your favorite sports watch instead of the Rolex on the person next to you.

Going “smart” with everything only means that we are trading in what we perceive as “unsafe or at risk”: carrying some cash with us, or maybe even wearing an expensive watch.

Smart devices are capable of accessing far more than a few dollars in our wallets left over from the last payday.

How safe is it to move to “smart” everything, especially with ransomware, account takeover, and denial-of-service attacks against financial and healthcare systems? Even with credit card companies adding layers of protection to the cards and devices, is the intelligent method of contactless payment cards safe?

Yes, you are carrying less in your wallet and purse. If someone steals your wallet or bag, your life does not come to a screeching halt. Losing a smart device, however, has far-reaching implications.

With intelligent devices that let us “smart” pay at the checkout and execute peer-to-peer payments with a simple scan and PIN, you can purchase pretty much everything.

Yes, there is electronic pickpocketing in Paris.

Once I rode the elevator to the top of the Eiffel Tower in Paris. News reports and signs hung everywhere: “beware of pickpockets.” In the men’s bathroom, someone attempted to steal my wallet from my front pocket. Impressive, yes; however, most of my real stuff sat in a secured compartment inside my pants. Now, for a moment, is it possible I could be a victim of “digital pickpocketing?” Of course!

Being digitally pickpocketed is possible with an RFID scanner. Many credit card issuers have added encryption and smart chips to their cards to help stop someone from skimming them.

What else do you have on your smart device worth stealing by a digital pickpocket? Banking applications, financial services applications, healthcare portal applications, and Instagram, Facebook, and LinkedIn. Do you have the proper security features enabled on your smart device to protect your data?

Protecting your smartphone and watch, and enabling multi-factor authentication on every high-risk application, helps protect your device. Backing up your phone to the cloud is a smart idea. If your smart device gets stolen and the hacker attempts to reset it to factory default, you can set your phone to auto-wipe all data. Once you notify your carrier, you can acquire a new device and restore your data.

Going all in on “smart”? Sure, once digital currency and electronic payment are the only game in town, we will all depend on the network’s security to protect everything we own. “Oh boy.”

Until then, I will always carry a few dollars and a shielded ATM card in my wallet, just to be “smart.”

All the best,

John

What is in Your SOC? https://securityboulevard.com/2022/08/what-is-in-your-soc/ Mon, 29 Aug 2022 16:52:34 +0000 https://medium.com/p/4bb3cb13ec56


Movie “300” credit — Warner Bros. Pictures

Offensive or defensive culture for SecOps, or becoming purple?

Organizations developing a security operations center (SOC) should consider which strategy to adopt based on the cybersecurity professional resources available to them: offensive or defensive?

Organizations hope the two strategies will be interchangeable; however, this idea rarely works out well. The decision to develop a SOC strategy should consider the following attributes:

  • What is the makeup of the personnel in the organization? Are they experienced cyber warriors, recent additions to the cybersecurity field, or resources moving over from traditional IT roles?
  • What is the role and engagement with risk management to determine the business requirements for the SOC?
  • Does the company leadership understand the importance and value of investing in their resources to align with the SOC culture?
  • What is the organization’s approach to threat management?

Understanding offensive SOC culture

At the beginning of each fiscal year, corporate finance disburses the approved operating and capital budget for the following year. Except for a few “off-the-books” emergency budget requests to cover things like cybersecurity insurance claims the provider did not pay, the CISO and CIO pretty much know how many “swords” they have to work with to support 24x7x365 security monitoring and operations.

As an organization, knowing you only have “ten swords” to deal with every possible cyber security threat in the coming year, how do you then deploy your resources?

Offensive strategy

Even if your organizational SOC culture is supposed to focus on risk reduction, do you deploy your “swords” in a defensive position as a 360-degree circle, or do you point all your “swords” in the same direction?

An offensive-minded SOC takes a more proactive approach to security. This strategy has DevOps, SecOps, and NetSecOps security team members with experience in the following disciplines:

  • Threat hunting and threat intelligence
  • Threat modeling with expertise in adversary techniques
  • AI & ML predictive scoring with advanced security analytics
  • Extensive experience with offensive cyber tools for counter-attacking hackers
  • Use of honeypots and autonomic security operations
  • Investment in XDR with a centralized telemetry strategy
  • Hiring and retaining several Certified Ethical Hacker (CEH) resources in house
  • Investment in continuous vulnerability scanning
  • Extensive use of the MITRE ATT&CK framework and the Lockheed Martin Cyber Kill Chain

This strategy focuses on stopping, preventing, and being aggressive while being proactive in supporting government regulations, compliance requirements, and the overall impact of cyber-attacks. The team members should also have cross-sections, overlapping skills, and experiences to align with the offensive culture.

Defense Strategy

How would an organization deploy the identical “ten swords” to support a defensive strategy? How will the organization be protected if you have deployed your swords in a 360-degree circle designed to “react and protect?”

What disciplines and experience would your resources need?

  • Incident response expertise inside of a security operations program
  • SOAR automation expertise supporting an adaptive security architecture
  • Crisis management expertise supporting agile response processes
  • Domain-specific expertise — identity management, network security, application security
  • Process-driven, results-oriented management experience
  • Leveraging traditional SIEM technology for reporting, analyzing, and root-cause analysis
  • Enabling tools, including MITRE ATT&CK framework

This strategy focuses on detecting, responding, and optimizing. Similar to the offensive strategy, hiring and retaining qualified resources is a considerable challenge for any organization.

The role of risk management in determining which strategy aligns with the organization

Companies that choose the offensive or defensive strategy face similar risk implications — retaining qualified talent and having resources to respond to an increase in attacks against corporate assets while assisting in keeping cybersecurity insurance premiums lower.

What is the current overall risk composite of the organization? Is there a specific area of the enterprise that is more prone to risk? Which model will help reduce the risk without introducing new attack surfaces?

Risk of deploying an offensive strategy for a SOC

Being on offense has many advantages. Your limited number of “swords” is focused on stopping an attack before the event happens. Leveraging threat modeling, pen testing, vulnerability scanning, and predictive analytics, this team invests aggressively in techniques and enables a “counter-attack” culture against the cybercriminal.

With a limited number of “swords” all pointing in the same direction, where is the organization exposed to risk?

What resources protect the scrum from behind or from the side if all the “swords” are pointed in one direction? How will the offensive team respond? Will this cause a breakdown in offensive activities? Do offensive security engineers have the response and reactive skills, and the patience for tedious tasks, that the job requires?

In the defensive strategy, what is the risk of having all the “swords” in a protective circle? This team is in reactionary mode. What are the organization’s chances with this strategy, knowing that this team, like the offensive side, only has ten swords, thanks to the ever-generous CFO and COO? In time, the ten swords become overwhelmed with the volume of attacks, and the circle breaks down. As with a brute-force attack or a denial of service, once one “sword” is overcome, the entire defensive circle becomes exposed.

What is the role of an MSSP?

The role of a managed security service provider is essential for both strategies. If the organization is more “offensive,” leveraging managed services as its detection and response team will help provide a much-needed balance with response capabilities. If the organization is more “defensive” in nature, what role could an MSSP play?

An MSSP augmenting an organization’s offensive security requirement is also very relevant. This dynamic helps promote an external “red team” against the internal “blue” team. In the end, the organization achieves a “purple” culture: both teams collaborate while maintaining separation of duties. Purple has become the new security operations model in many organizations, and many more are slowly adopting a purple cybersecurity strategy. CFOs and CIOs realize the importance and value of the purple culture in dealing with cybersecurity while reducing risk and attack surfaces in the organization.

How does one choose between offensive or defensive?

Risk management, available resources, compliance mandates, and financial capital are critical in determining which strategy aligns with the organization. The offensive approach requires more experienced threat modeling engineers, experience dealing with real threats, ethical hacking, and AI & ML expertise. These resources need higher salaries and compensation plans to reflect their extensive credentials and certifications. When pairing up with an MSSP, the cost of outsourcing that portion of the strategy will be less compared to the defensive model.

With the defensive model, the salaries and required experience will be less costly. Many engineers in the defensive model will be experienced in traditional security operations, rapid response, operational technology, and technology systems management. Many new people entering the cybersecurity field will mostly end up working in security operations. Outsourcing the “red team” will be more expensive than hiring a “blue team.”

Ultimately, this decision comes down to the organization’s willingness to hire, retain, compensate, and invest in experienced cybersecurity warriors who can operate as “one,” not as ten individual “swords” backed by an outsourced, SLA-driven firm doing its best to help the organization do its best.

“Invest in your people; they, in turn, will invest in their organization.”

That is the secret to better cybersecurity!

People protect people!

All the best,

John

The Power of Provenance: From Reactive to Proactive Cybersecurity https://securityboulevard.com/2022/08/the-power-of-provenance-from-reactive-to-proactive-cybersecurity/ Mon, 15 Aug 2022 13:00:13 +0000 https://securityboulevard.com/?p=1933707

While next-gen firewalls (NGFW), extended detection and response (XDR) and other security solutions do a great job of detecting and thwarting cyberattacks, it’s just too common for a sneaky or camouflaged threat to slip through into the network. Heroic efforts by the security team are then required to mitigate the damage and remediate the vulnerabilities...

Geopolitical Cyber Attacks — The New Battlefield https://securityboulevard.com/2022/05/geopolitical-cyber-attacks-the-new-battlefield/ Mon, 02 May 2022 23:13:23 +0000 https://medium.com/p/3c8a0ea844fe


Modern Data Communications in Vietnam

The new battlefield on display in the war between Russia and Ukraine shows a progression of cybersecurity tactics revolutionizing the overall attack plan. Cyber warfare, previously viewed as a secondary asset in time of war, has become a critical initial threat vector against an opponent.

Cyber assets deployed in the early stages of the battle plan could include remote access tools (RATs), keyloggers, or rootkits on non-essential hosts. These pre-deployed tools are placed years before the actual battle takes place. Even with modern cyber capabilities around EDR, XDR, and anti-virus updates, some of the dormant attack tools could go undetected for years. Combined with social media propaganda, social engineering targeting, and email phishing attacks, these threat vectors could change the course of the battle well before a single shot is fired. With actual military hardware, the attacking forces disclose their capabilities, tactics, and expected outcomes, and the battle becomes predictable. Cyber attacks create an unpredictable dilemma in the conflict.

No longer is the battle fought with soldiers and weapons facing off against each other. Cyber warfare has enabled a virtual army of combative resources from across the world. Regional security alliances, global terror groups, and cyber criminals for hire can mobilize in minutes to enter the digital field of battle on any side. Sometimes, these virtual cyber warriors could switch alliances without warning.

Predicting the unpredictable?

The survivability of the infrastructure, moments after the battle begins, is measured in microseconds. As witnessed in recent global conflicts, many countries lack the means to counter the cyberattacks because of aging infrastructure or response plans. As reported by Reuters, the President of Ukraine requested help from the Kiev cyber underground to help fortify the country’s cyber defense capabilities. The call for help highlighted Ukraine’s sense of urgency in addressing the early cyberwarfare tactics Russia successfully deployed. Adding to the unpredictable moments of the war, rogue hacker groups previously hunted by their own government now became the stopgap to save their own country. Anonymous, a well-known global hacking consortium, joined the battle by directing its resources against several Russian targets. Anonymous entering the field of battle as a third-party participant added to the complexity of the battle. Did Anonymous join for the good of Ukraine or only to support its own ideology? More importantly, what happens if and when the cyber-for-hire warriors change sides? What hacker tools could they leave behind, buried within the networks of their current sponsor?

Attack on the lifeblood of the country

The full extent of attacks on critical infrastructure, including water control systems, power grids, and national computer networks, is unknown. Most of these industrial control systems live in closed-loop, air-gapped networks with very limited access from outside their isolated environments.

According to a survey in CISO MAG, 84% of organizations have deployed IoT devices on their corporate networks, and more than 50% don’t maintain the necessary security measures beyond default passwords. Many IoT/OT/ICS devices do not have enough physical device capacity to load classic IT security prevention tools. Most device firmware focuses on the functionality of the component, with minimal onboard security protection. Historically, these devices often sat within a closed-loop network or air-gapped environment. Traditionally, these networks were connected neither to the outside nor to the internal corporate IT networks. Access to these devices was either at a local terminal or through a direct connection to a serial port.

Protecting physical infrastructure is transforming. OT/ICS systems lived within a closed-loop network for years without the need to communicate outside their protection zone. With the advancement of the Internet of Things and the increase in analytical data analysis, these devices have moved up the Purdue model to a level that opens them to external communications. Previously, these platforms were rarely exposed to classic IT attack vectors, and the industrial control infrastructure support teams spent more time keeping these specific control units operational and less time understanding cybersecurity threats.

The SecOps and NetOps teams learned early on that business and technology requirements for classic IT and OT did not always translate into the same security strategy or operations procedures. OT systems require extensive planning and execution to perform firmware updates and downtime. In legacy environments, many OT systems have very little in the way of failure and are highly available, similar to classic IT systems.

Can the typical SecOps workstream enabled today be based on detecting first, responding, and correctly protecting these assets moments after a cyber attack? Most likely, no.

Movement towards predictable adaptive control for OT/ICS/IoT environments

To meet the challenges of the new battlefield, OT/ICS/IoT systems need to live in a pre-defined compartmentalization strategy that ensures the survivability of the system while still delivering the expected service from the device. The ability to isolate and contain, while delivering a next-generation level of security by defining a predictable protective zone that can contain an outbreak, is a welcome sign for this environment.

John P Gormally — Freelance writer, cybersecurity veteran, blogger, global cyclist, fiction writer, founder of cyclerwriter 3 espresso coffee company

Jpgormally@gmail.com

Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet https://securityboulevard.com/2022/02/graphics-card-web-tracking-fake-job-ad-scams-hacker-takes-down-north-koreas-internet/ Mon, 07 Feb 2022 05:00:35 +0000 https://sharedsecurity.net/?p=100954 Researchers have discovered a new web tracking technique using your graphics card, scammers are exploiting security weaknesses on job recruitment websites to post fraudulent job postings, and how a hacker single-handedly took down North Korea’s Internet. ** Links mentioned on the show ** Your graphics card could be used to track you across the web […]

The post Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet appeared first on The Shared Security Show.

British man arrested in connection with Twitter mega-hack that posted cryptocurrency scam from celebrity accounts https://securityboulevard.com/2021/07/british-man-arrested-in-connection-with-twitter-mega-hack-that-posted-cryptocurrency-scam-from-celebrity-accounts/ Thu, 22 Jul 2021 14:05:41 +0000 https://www.tripwire.com/state-of-security/?p=59652 Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter’s history. In July 2020, the Twitter accounts of public figures and well-known organisations were compromised, allowing malicious hackers to post tweets to millions of unsuspecting followers. Compromised accounts included those of then-Presidential candidate Joe Biden, Bill […]… Read More

The post British man arrested in connection with Twitter mega-hack that posted cryptocurrency scam from celebrity accounts appeared first on The State of Security.

Why do hackers use the same methods over again? https://securityboulevard.com/2021/06/why-do-hackers-use-the-same-methods-over-again/ Mon, 21 Jun 2021 20:53:53 +0000 https://medium.com/p/c162770d634


“Repeating oneself and expecting a different result” is the classic definition of insanity. Yet for 25 years hackers have used similar tactics like brute force, zero-port attacks, and even my favorite, social engineering. Yet many times the hacker sees different results. In some cases, they could get similar results, depending on the target. Password spraying, tailgating, and my all-time favorite, “phishing,” still very much work today, even with the growth of email security.

As more systems have moved to the cloud, clients today face a greater risk than ever before. Even with improvements to single sign-on, SAML, and MFA, hackers still find a way to use people’s credentials. So how will this tidal wave change? How can hackers be stopped? Well, the FBI reports that greater than 84% of hacks still continue to come from internal resources. Disgruntled employees, contractors, vendors, and outsourced providers continue to feed that statistic. Yet even with the most comprehensive security training, people will be people and make mistakes. Limiting access to the data is a novel idea, yet people need access to the data to do their jobs. No matter how complex infosec has become, companies should consider investing more in “employee well-being” and less in top-end hyper-growth revenue models.

Yes, money is important to the employee. Hackers know this. They steal people’s identities and study their victims’ credit reports and bank information. Employees want to feel needed, appreciated, and respected. Those corporate traits may show up in the “new hire handbook,” yet most employees leave a company because their bosses have forgotten those principles.

What costs more? A cyber attack or high employee turnover as a result of poor leadership? The perfect storm is when both of these catastrophic events happen at the same time. Hackers follow the news, see the headlines, and read the “Glassdoor reviews.” They know which organization is having turnover issues, and they use some “old school” social engineering to learn more about who is leaving the company. Not rocket science, yet this method of cyber attack still works, 25 years later :).
