As Technology Changes Faster “Remember The Basics”

I like Jonas Bjerg’s YouTube video of “How Abundance Will Change The World”

Elon Musk predicts 100 Gigafactories in the world (of which he will build 4).

Peter Diamandis and Elon were at the World Government Summit 2017.

Cost per Genome is going down and has gone down exponentially.

Quick review of video: ‘So robots will take over, the world will have abundance and people will lose meaning (having lost their jobs)’.

So what about the friction in all of this? When have you known people to agree 100% with the direction technology has taken? As usual, no thought is given to security.

What about crime?

I am in the Cybersecurity field, and to me it is simple to see: when “some” people lose their jobs to robots, they may become hackers and either create new crime syndicates or work for an already successful syndicate.

Maybe I want to make more money than the Universal Basic Income that some are proposing once many of the drivers and doctors are out of a job. How will I make more money? By figuring out a way to get a piece of the cyber slice$ that is around “in abundance”.

Then we have a Dark Reading post: “‘Back to Basics’ Might Be Your Best Security Weapon”.

Here Lee Waskevich’s commentary points out what I have said for many blogposts: we must focus on the basics first, then we can address the more advanced issues.

So let’s train our employees to find the scams in our mailbox (email and mail). SCMagazine points out a survey that found 32% of Britons would become a money mule for criminals. The issue is that unemployed people talk themselves into many things, especially if they have no previous arrest records.

In this Blog we know that people do illegal things, and that companies and people must defend themselves appropriately, even as technologies become increasingly complex with more robotics and electrification of everything. (I always wonder why we focus on Cybersecurity AFTER a breach has occurred.)

Let’s put 10% of our efforts into Cybersecurity and then we will be better off. Contact Us to review your Cybersecurity profile.

Ok, that’s good, but what about the Crypto Currency craze? There are and will be thefts here. Hot for Security has a story on how $400k was stolen in the BlackWallet application using DNS, and as you can see right now (1/16/2018 13:30) the site is down.

So what does that mean? If you are involved with money, even crypto currencies, you had better be testing your environment for cyber attacks.

Patch Tuesday: Keep in Mind X, Y, and Z

Jan 9th was Patch Tuesday: the day Microsoft designated to release accumulated patches on a regular schedule.

Otherwise patches would be released whenever problems are solved. That would be good in some ways (why not resolve problems as soon as practical?), but releasing 1 or 2 patches every few days would make IT planning a mess.

As it is, new critical problems may get released on an out-of-band date, that is, a date other than the second Tuesday of the month (like this month’s CPU bug, released on Jan 3rd).

So we now have a set schedule of accumulated patches which we can plan around.

Trend Micro said out-of-band patches were released by Microsoft on January 3rd.

TrendMicro security update summary   

Kaspersky lab security update compatibility summary

Microsoft January 2018 security updates release notes date 1/9/18

“Meltdown” CVE-2017-5754 (CVE – Common Vulnerabilities and Exposures)

“Spectre” CVE-2017-5753 & CVE-2017-5715

***UPDATE – 1/12/18***

Intel has issued patches at its download center.

AMD has also published its official response.

 

I have reviewed CVE before on this blog: http://oversitesentry.com/hackers-please-attack-us/

There are hundreds of CVEs per year, so this is just the beginning for this year – prepare for a long year of patching.

CVE-2018-0797 is also a bad CVE as it is a Microsoft Word Critical vulnerability with remote code execution, so you have to update Office as well.

Keep in mind, you are not just patching the CPU bug this month, but also Office bugs/vulnerabilities and others, including Adobe Flash (the APSB18-01 vulnerability).

All software may get security or other bugs, and then you should update. This process of updating on a consistent basis needs to be planned:

X: 2nd Tuesday of month releases most patches – plan for testing and subsequent weekend patch updates on production systems.

Y: Out-of-band critical releases may disrupt this schedule, so always have a few days available for critical vulnerabilities.

Z: Do not forget Office and other applications that users use; these applications are usually in the 2nd Tuesday of month release.

 

Always look for remote execution vulnerabilities first.

I decided to pick out the remote code execution entries in a spreadsheet initially created by Ghacks.net.

Notice that most of the remote code execution entries are from Office; there are a couple for SharePoint Server.
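The X/Y/Z plan and the "remote code execution first" rule can be turned into a small planning script. This is an added example, not code from the original post: the Saturday production window, the field names, the placeholder third entry and the simplified impact labels are assumptions.

```python
from datetime import date, timedelta

def patch_tuesday(year, month):
    """Rule X: the second Tuesday of the given month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7   # weekday(): Mon=0, Tue=1
    return first + timedelta(days=to_first_tuesday + 7)

def is_out_of_band(released):
    """Rule Y: anything not released on that month's Patch Tuesday."""
    return released != patch_tuesday(released.year, released.month)

def production_window(released):
    """First Saturday after release (assumed weekend maintenance window)."""
    days_ahead = (5 - released.weekday()) % 7 or 7
    return released + timedelta(days=days_ahead)

def triage(updates):
    """Remote code execution first, then out-of-band, then oldest release."""
    return sorted(updates, key=lambda u: (
        u["impact"] != "Remote Code Execution",
        not is_out_of_band(u["released"]),
        u["released"],
    ))

# Constructed sample list. IDs and dates for the first and third entries come
# from the post; the second is a placeholder. Impact labels are simplified.
UPDATES = [
    {"id": "CVE-2017-5754", "product": "Windows (CPU bug)",
     "impact": "Information Disclosure", "released": date(2018, 1, 3)},
    {"id": "PLACEHOLDER-0001", "product": "Example application",
     "impact": "Elevation of Privilege", "released": date(2018, 1, 9)},
    {"id": "CVE-2018-0797", "product": "Microsoft Word",
     "impact": "Remote Code Execution", "released": date(2018, 1, 9)},
]

if __name__ == "__main__":
    for u in triage(UPDATES):
        tag = "out-of-band" if is_out_of_band(u["released"]) else "scheduled"
        print(u["id"], u["impact"], tag,
              "deploy by", production_window(u["released"]))
```

Rule Z is covered by keeping Office and other user applications in the same list as operating system updates, so they are triaged together.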

Create your own security policy and timeline to patch – contact us to help you design what is right for your circumstances.

 

Updated 1/12/18 to add latest Intel and AMD information

Inoculate your computers from the Cyber Criminals

Cyber Criminals are developing new ways to attack and make money. Like all industries they want to make more money this year too. We have to learn to inoculate our computers so that we have as low a chance as possible to get infected.

We have to find ways to make this goal of theirs as difficult as possible.

This year I will lose 5 pounds –
This year we will make more money with plan ABC.
Funny thing about our aspirations, they seem to be hampered by our past decisions (I should not have eaten that extra piece of cake).
Or in Cybersecurity:
I know we did not patch these 5 computers, but the risk is low so we did not make the effort.

And lo and behold, a new Intel processor bug or flaw has been found (today, 1/3/2018) that unfortunately is present in all Intel processors since 1995. Ars Technica has a good explanation of this complex bug, which ultimately needs to be patched by all Operating Systems. So look for this in your next operating system patch update.

There is a database at CERT that catalogues vulnerabilities: at US-CERT this one is number VU#584653, and the CPU bug has been called ‘Meltdown’ and ‘Spectre’.

New update: Google’s Project Zero found this bug last year sometime and disclosed it to manufacturers (Intel, AMD, and ARM). It seems AMD also has a variant of this bug.

This is a typical issue, as computer manufacturers and their peripherals are constantly running into old bugs and racing to fix them with patch updates. So there is a constant Bug -> Patch Update process that leaves us always marginally secure even if we update on a regular basis.

In this particular case of the Intel bug, there is no patch from Microsoft yet (Day30 in my image below); it should come on the 2nd Tuesday, January 9th. And likely the hackers have not developed malware yet. But everyone who does not patch in the future (at least 20% of computers do not patch on time) will get hacked.

So as we discussed in the past in “From Vulnerability Found to Patched Safe”

The issue is to patch on a regular basis even though one has to reboot and lose capability (with this new patch resulting from the Intel bug, the system will run slower). In security one may want to have several different computer types even though that does not make it a “standard setup”.

 

To reduce Cyber Risk one may have to take actions that are not efficient; it is the age-old problem of more security == less function.

You can’t just walk out the door, you have to stop and use some time to find your key and lock the door.

With computers we have to patch, and sometimes the patches are old ones that have been around for ages. If you do not patch, a hacker will use a trick to hack you and use your computers for their needs.

 

Contact us to develop a process for you that will ensure your systems are patched properly.

 

January 4th: Added Google Project Zero information.

What will 2018 bring to Cybersecurity?

Happy New Year 2018 very soon!!!

This is a good time to review the technologies that are shaping our lives, and what they mean for Cybersecurity.


Amazon, iPhone devices, Android devices… these are technological breakthroughs that are quickly changing the technological landscape, either to enhance user friendliness and features or to be the better brand or flagship product in their technological category. This means more Internet connectivity, not less.

What does more Internet mean? Does more function mean less security? Based on statistics, one thing is for sure: cybersecurity will be more important in 2018. As you will see, more connectivity means a ripple will cause more problems, so we _have_ to focus on cybersecurity a certain amount, or apathy toward cybersecurity will cause you regret.

If we look back to the year 2015, in one of our blogposts we discussed the relevance of the Cisco VNI (Visual Networking Index) forecast. In 2015, the projection was that an immense 24 billion devices would be connected to the Internet by 2019. Current VNI projections show a much larger number than the 2015 projection, now at 29.1 billion; although closer, we should get even better projections as time goes on.

What is the relevance of this then? It means the number of connections to the Internet has grown exponentially, not to mention the data usage we have when plugged in to the net. More devices means more occurrences of net usage. More net usage means a wider variety of data transfer and traffic. More data traffic means more exposure to risk factors that may lead to higher risk in cybersecurity.

What is alarming is when we think about how much of that number is criminal traffic and how much of that is checking your defenses. We want to advance to a new level by increasing capabilities, but we may be overlooking that more capabilities mean more chances of risk. In many cases, we don’t see where risk may come about, because we are focused on making it work or creating revenue. So do we see that the increase in possibilities and opportunities also increases technological capabilities and risk analysis complexity?

That is why developing a risk analysis process is important. It is not only a review of how much and what kind of Internet occurrences you have, but also a check on the data load you use. Alongside this awareness of data transfer, it is pertinent that you do optimal checks and regularly update controls within your organization. Having an external risk auditor will help a lot in knowing how much more protection you need to uphold or how much risk oversight you need to work on. If you value the investment you have worked on, it always pays to also value its maintenance through cyber protection. Contact us to learn more.