The Enemy Has Say With Your Best Plans

In the field of Cybersecurity we have to do a lot of basic things, as discussed at Behavioralscientist.org.

So what is your plan?  Firewall, Antivirus, IT people vigilance, updating devices and software…

What are your enemies’ plans?

When your enemy actually interacts with your employees it shows.

There are always business-level threats, where employees are spoofed or vendors are spoofed.

Do you have a new device with Machine Learning (a basic type of AI, Artificial Intelligence)? Then the enemy will do something to counteract that.

Adversarial Machine Learning works against your ML goals: it tries to corrupt them over time by feeding faulty data into the data set and thus changing the assumptions your model has learned from it.

Another way to use Adversarial Machine Learning is to ‘teach’ your ML to get better results. It turns out that some GAN (Generative Adversarial Network) techniques do just that.

For example, the first sentence of the paper “Adversarial Machine Learning at Scale” from Cornell University:

“Adversarial examples are malicious inputs designed to fool machine learning models.”

Done right, this improves the ML models. This method has not been used by criminals, as they are still figuring out how to incorporate it into their attacks.

So they may not use this as an adversarial attack; instead they may devise ML attacks which will be hard to distinguish and will get better faster.

Ian Goodfellow (the guy who created GANs, Generative Adversarial Networks) has used this adversarial nature to make a better AI algorithm. Where has this already worked? Initially he was looking at a security question within the AI world, and when he created GANs it was obvious that he was making AI better.

Who would have known, but AI is creating new images of cats that are entirely ‘fake’, or better ‘artificial’: the algorithm created a new type of cat picture where needed.

Meow Generator: ML algorithms that design cat pictures.

So what does this really mean? Fake pictures of people, animals and other items will start to proliferate.

It remains to be seen how this aspect of AI is actually going to be useful.

Do you want to test ML for Cybersecurity?

We are developing new tests for AI and ML – contact US to discuss.

Malware, Routers Injected, Stolen Identities, Just Another Cyberday

A few headlines in a day or two are a typical day at the Cybersecurity office.


Verizon routers command injection flaw could impact millions of routers. High severity flaw, CVSS score 8.5.

“The vulnerabilities exist in the API backend of the Verizon Fios Quantum Gateway (G1100), which supports the administrative web interface.”

Exodus spyware attacking Apple iOS. Interestingly, what started as an enterprise tool for surveillance or other control of Apple devices was turned into spyware by the bad guys.

“Several technical details indicated that the software was likely the product of a well-funded development effort and aimed at the lawful intercept market,” researchers said in an analysis shared with Threatpost.

2.4 million Blur password manager users exposed, since a server exposed a file containing sensitive information about Blur users (name, email, password hints, encrypted Blur password).

The hits just keep on coming. We are bound to have more data breaches this year 2019.

So what does it really mean? Is there a higher threat level today versus yesterday?

Here is the Internet Storm Center Infocon status:

Internet Storm Center Infocon Status

So even with more breaches the Internet still has a Green level… This is the explanation of ISC:

“The intent of the ‘Infocon’ is to reflect changes in malicious traffic and the possibility of disrupted connectivity. In particular important is the concept of “Change”. Every host connected to the Internet is subject to some amount of traffic caused by worms and viruses. However, once a worm has been identified and the number of infected machines is no longer increasing, this traffic is not likely to cause any disruptions.”

But what effect do all of these breaches have? I can hear the business people talking… None of these companies went out of business, so why should I upend my business and spend a lot more money to do things more securely?

Do we always have to do things only to make more money? How about doing what it takes to make sure your customers do not have to spend time fixing their credit lives after a breach?


Remember, even Windows10 has a lifecycle and will not receive patches after a certain date.

Contact Us to discuss how to avoid getting a breach in the first place.


No Mas- Uncle!!! IT Departments Under Siege

We are inundated with constant headlines: thousands and sometimes millions of records stolen by hackers (the bad guys).

In fact the worst breaches are health records as in this article at Forbes.

“The number of annual health data breaches increased 70% to 344 over the past seven years, with 75% of the breached, lost, or stolen records – 132 million – being breached by a “hacking or IT incident,” a nebulous category created by the government that doesn’t appear to distinguish malicious theft from accidental loss.”

The full difficulty of people losing control of their health records has not been felt yet. What will happen when a ‘fake’ medical record has already been used to collect your monthly pharmaceutical allotment?

The crush of constant attacks and the patching environment in the IT department cause a lot of stress.

We have monthly patch updates for operating systems (Microsoft Windows) and the underlying software (MS Office, Adobe, Java, financial software, Cisco and others). The patches and vulnerabilities never end.

Next month there are new vulnerabilities and new ways that an attacker can achieve their aims.

Here is a snippet of the CVE Details website  

Since 1999, there have been 112364 vulnerabilities, sometimes 16k in one year. This is a huge crush of constant updates in the IT departments of the world.

There is only so much time to install patches, to make sure the servers and systems are operating. So sometimes we have to make risk assessments:

Every department has to decide which systems to fix first. Make the decision with a risk-impact analysis, i.e. which system, if compromised, will create more problems than other systems.

This constant crush of patching is exacerbated the more systems one has. As systems are not standardized the patching gets more complicated and vulnerabilities pile up.

So why do I say No Mas (no more)? Because there is no end to the tough schedules: there will always be off-hours patching and off-hours work, no matter what is going on in your personal life.

Having someone check whether your systems are properly patched can help: the high vulnerabilities should be the highest priorities, and from there the medium vulnerabilities should be tackled. For PCI compliance one must work on and resolve any vulnerability over 4.0.
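As an added example (not from the original post), here is a small POSIX shell/awk script that applies the risk-impact ordering described above to a constructed set of scan findings: severity band first, then the business impact of the host, then the score, with the PCI ASV threshold (CVSS 4.0 and higher fails an ASV scan) flagged. The hosts, findings, scores and impact ratings are made up for illustration.

```shell
#!/bin/sh
# Constructed scan findings (not real hosts): host,finding,cvss,impact
# impact = business impact if that host is compromised (1 low .. 5 critical)
FINDINGS='web01,outdated TLS library,7.5,5
hr-db,missing OS patches,9.8,5
kiosk03,unsupported OS version,10.0,1
print01,weak SNMP community,5.0,2
web01,verbose server banner,2.6,5'

# List findings in remediation order: High band first, then Medium, then
# Low; inside a band the most important host first, then the higher score.
prioritize() {
  printf '%s\n' "$FINDINGS" | awk -F, '
    {
      band = ($3 >= 7.0) ? 1 : ($3 >= 4.0) ? 2 : 3   # 1=High 2=Medium 3=Low
      pci  = ($3 >= 4.0) ? "PCI-FAIL" : "ok"          # ASV fails at 4.0+
      printf "%d,%s,%s,%s,%s,%s\n", band, $4, $3, $1, $2, pci
    }' | sort -t, -k1,1n -k2,2nr -k3,3nr | awk -F, '
    { name[1] = "High"; name[2] = "Medium"; name[3] = "Low"
      printf "%-6s impact=%s cvss=%-4s %-8s %s (%s)\n", name[$1], $2, $3, $4, $5, $6 }'
}

# How many findings an ASV scan would fail on (CVSS 4.0 or higher).
pci_fail_count() {
  printf '%s\n' "$FINDINGS" | awk -F, '$3 >= 4.0 { n++ } END { print n+0 }'
}

# The host to start with: first line of the prioritized list.
first_target() {
  prioritize | head -n 1 | awk '{ print $4 }'
}

prioritize
```

Note that the 10.0 on the low-impact kiosk lands after the 9.8 and 7.5 on the critical hosts, which is the point of weighing impact and not just the score.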

Contact Us to discuss

Windows10 Obsolete already?

Is your Windows10 version obsolete already? There are many versions of Windows10, and it depends on when each was released. For example, the first one, version 1507 released July 2015, has an end-of-service date of May 9, 2017.

The problem is that no software manufacturer can or does keep releasing vulnerability updates forever. The reason has to do with structural and other programmatic changes that would make some updates very difficult to incorporate; in some cases it would be a herculean task to make the changes, so the end-of-service date exists for monetary and feasibility reasons.

Now that you know that there is an “end” date what needs to be done?

Update to new version of Windows10!!!

Here is the lifecycle table for Windows10 versions from support.microsoft.com webpage

So as IT users or professionals we must learn the technical nature of our devices. Microsoft does not want to issue version updates like in years past:

I.e. version 3.0 (1990) with the first multitasking abilities, then 3.11 with networking. When 4.0 was due, that became Windows NT and 95. As the marketing team took control of the naming of new Windows operating systems, the version changes (1.0/2.0/3.0/4.0) were not reflected in the names, only as an additional “version” number.

My version is relatively new (released April 2018), so I have until Nov 2019 until I _have_ to make a change.

Now Microsoft is at Windows10 with a 4-digit version number. The number itself has no significance except that it tells you when the version was released; when it reaches end of service you only find out by looking it up in Microsoft's End of Service table.

There is another reason to keep a close eye on this End of service date, as once the version is obsolete, no more updates will be made and you are out of compliance with your systems.

At the Microsoft End of Service webpage there is an interesting sentence:

“Some editions1 can defer semi-annual feature updates at Settings  >Windows Update >Advanced options or via a policy that an organization’s management system may provide to the device. On devices that haven’t been configured for deferral, you’ll need to install the latest feature update to help keep your device secure and have it remain supported by Microsoft. New versions may be automatically installed prior to the end-of-service date of the current version on your device.

1 Home edition does not support the deferral of feature updates and will therefore typically receive a new version of Windows 10 prior to the end-of-service date shown.”

So in theory Windows Update will update the Windows version before it expires and stops receiving updates on its own. But for those of us in IT who have managed hundreds of systems, not all systems update correctly. You cannot assume all systems will update on their own.

It is best to have someone review your systems, which can be done in an automated fashion by scanning them. If an old operating system is present the scan will reveal a high vulnerability (10 out of 10).

Since the system will not get any more updates, the upgrade has to be started manually.

Contact US to help you with this process

Headless OpenVAS install

I needed to run OpenVAS (Open Vulnerability Assessment System), the Linux-based vulnerability management software, on a virtual machine, which means it does not have its own monitor that one sits at to see this screen:

OpenVAS is made by Greenbone, which “develops OpenVAS as part of their commercial vulnerability management product family ‘Greenbone Security Manager’ (GSM)” (from their main web page).

OpenVAS was developed out of the Nessus code base starting in 2005 and is now on GitHub. The developer of Nessus decided to make Nessus closed source (proprietary) in October 2005, so OpenVAS was created, initially named GNessUs.

Why am I talking OpenVAS today? Because I was tasked to install it on a virtual system.

So one has to install OpenVAS (or update it on some Linux distributions, since it is already installed by default). I work with Kali Linux, since I use a lot of other tools that are built into the distribution; I wanted to keep some familiarity and so run OpenVAS on Kali Linux.

What are you installing? Several pieces that will need to run on the virtual machine:

As you can see in the image above, the Greenbone Security Assistant is the software that connects to the OpenVAS Manager and Scanner to run the scans against the targets. OpenVAS uses NVTs (Network Vulnerability Tests) to run the scans. Up to this point (3/18/2019) there are over 49600 tests. CVEs now number 115906.

So a standard Kali Linux install has the OpenVAS version that comes with it; to use the current OpenVAS you have to upgrade Kali first using the following command:

apt-get update && apt-get install openvas

So now that you have the latest version on your machine, how are you going to access OpenVAS, since you cannot sit at the monitor of a virtual system (what is called a headless install)?


After some (actually a lot of) review online and some tinkering, I found it useful to know some systemd. It just so happens that systemd has configuration files in a few directories:

/etc/systemd/system/*

/run/systemd/system/*

/lib/systemd/system/*


The one that is important and relevant for OpenVAS is the /lib/systemd/system directory.

In here there are 3 files that are of importance:

openvas-scanner.service

openvas-manager.service

greenbone-security-assistant.service

What we have to do to make the installation complete is to put the IP address of the virtual machine into the greenbone-security-assistant.service file.

Specifically, change it in this manner: run the following command (changing <your ip> to the virtual system's IP address):

sed -i -e 's/mlisten=127.0.0.1/mlisten=<your ip>/g' /lib/systemd/system/greenbone-security-assistant.service

For example, if the virtual system's IP address is 192.168.0.1, this is what should be run:

sed -i -e 's/mlisten=127.0.0.1/mlisten=192.168.0.1/g' /lib/systemd/system/greenbone-security-assistant.service

After running this command you have to run the following:

systemctl daemon-reload

(These commands need to be run with root permissions (sudo).)

So once the IP address is entered on the command line and the systemd .service file reloaded, you can restart gsad and then log into the web interface, assuming you already set up the users. To access the Greenbone Security Assistant program, enter the following in your browser:

https://192.168.0.1:9392
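As an added example (not the post's own commands, and not Greenbone's), here is a shell script that performs the unit-file change above on a constructed copy of the file, validating the address before sed touches anything and checking that a line really changed. It assumes a unit file shaped like Kali's, where the ExecStart line carries both --listen (the address the gsad web interface binds to) and --mlisten (the address of the OpenVAS manager that gsad connects to); for that reason the script rewrites --listen, so compare the option names with your own greenbone-security-assistant.service before running it live.

```shell
#!/bin/sh
# Added example: point gsad's web UI at the VM's address in its systemd
# unit. Assumption: the unit has --listen (web UI bind address) and
# --mlisten (OpenVAS manager address) on its ExecStart line, as on Kali.
UNIT_FILE="${UNIT_FILE:-/lib/systemd/system/greenbone-security-assistant.service}"

# Write a constructed unit file (shaped like Kali's, assumption) to $1.
make_sample_unit() {
  cat > "$1" <<'EOF'
[Unit]
Description=Greenbone Security Assistant

[Service]
ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390

[Install]
WantedBy=multi-user.target
EOF
}

# Accept only a dotted-quad IPv4 address so nothing odd reaches sed.
valid_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for o in $(printf '%s' "$1" | tr . ' '); do [ "$o" -le 255 ] || return 1; done
}

# Point --listen in unit file $2 at address $1, keeping a $2.bak backup.
# Returns 1 on a bad address or if no --listen option was rewritten.
set_gsad_listen() {
  ip="$1"; unit="$2"
  valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
  sed -i.bak -e "s/--listen=[0-9.]*/--listen=$ip/" "$unit"
  grep -q -- "--listen=$ip " "$unit" || { echo "--listen not updated" >&2; return 1; }
}

# Read back the web UI and manager addresses from unit file $1.
gsad_listen_addr()  { sed -n 's/.*--listen=\([0-9.]*\).*/\1/p' "$1"; }
gsad_manager_addr() { sed -n 's/.*--mlisten=\([0-9.]*\).*/\1/p' "$1"; }

# Live run, as root, on the real unit file, then reload and restart gsad:
#   set_gsad_listen 192.168.0.1 "$UNIT_FILE" \
#     && systemctl daemon-reload && systemctl restart greenbone-security-assistant
```

Once gsad binds to the VM's address, the web interface on port 9392 is reachable from the network, so the users you set up for it are the only thing between the scanner and anyone who can reach that port.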

From there you will have to learn how to create scans and more. But at least it is working remotely.

There is also a small issue with this procedure: it is not supported by Greenbone, who want you to install the Greenbone Community Edition.

The security feed is more stable than the community feed (the free version) and has encrypted transmissions.

Contact us to discuss