Category: securitycommunity

Why Would Someone Want to Attack Me?

We see a lot of headlines in the news, but it stems from the nation states attacking.      Youtube video from Black Hat Asia2018

China attacks specific companies.

Russia also attacks in cyberspace and it culminated when Russia attacked Estonia 2008, also the next year a military physical attack in Georgia with a Cyberspace attack as well.

Snowden disclosed the US attack of Stuxnet into Iranian centrifuges.

This is a ‘right’ of the nation state attackers using their knowledge of Zero Days and encrypted keys.    Where the nation states say it is their right to attack other nation states, because “no one will know” as it is not a physical attack.

Except this culminated in a Russian attack on power infrastructure attack where Estonia lost power for several days.

The side effect of Stuxnet was that other hackers(criminal etc) figured out how the attack was done, then investigated this possibility and eventually was able to create a new attack with malware for ransomware.

So what does this mean? It means that attackers  will eventually figure out the defensive flaws that one normally cannot see or notice.

the actual methods of inserting programs are varied, sometimes the user allows the software to run with spearphishing or just clicking on the wrong site on the Internet.

Above picture is from “Decentralized malware youtube video“.

 

The trust the private sector has in their computers between customer and company is not in the thoughts of nation-states attacking each other.

A side effect of nation states attacking each other is the need for better defenses for all, since we are all on the Internet. Once the knowledge of attacks comes out of the shadows the criminal hackers take a little bit of time and develop the attacks also.

So you may not look like you have anything to attack, but if you are on the Internet you will be attacked.

 

The only thing you can do is to create a defense that can handle even sophisticated attacks.

Contact us to discuss this phenomenon.

 

 

In a Russian Conflict: Cybersecurity another Dimension of Attack

(((4/19 update below)))

In that cybersecurity is another Dimension of attack  (versus Dimensions: Land, Air, Sea, and Space) how would we be affected by this dimension?

In Land one sees their foe most of the time, and if the enemy wants to take your stuff they have to physically take it.  (Or they try and send munitions instead via Artillery with limited range).

In Air one can take troops up and over your land and enemy land forces to drop them and take stuff. Munitions are able to  drop from remote areas, but one has to send missiles and airplanes where radar can see them.

In Sea one can move around with ships or submarines to drop people to take stuff. The munitions are sent via devices as well which are physical.

Space is also a dimension which although in a unique area, is also a physical dimension with physical munitions.

In Cyber how do you know if the enemy is not already in your  systems.  There is no need for enemy soldiers to leave their homes or their barracks, they can attack your infrastructure without moving. Control of your computers can be done automatically and it can look like a third party attacked.  Cyber has an electronic dimension so the fact that it is not as physical “or real” has made understanding this dimension more difficult for some.

So what does this mean? It means if you understand how to navigate a command line or can read custom code you can understand this phenomenon (Cyberwar) in ways a non speaker is not capable:

Maybe this analogy will help:

You know in Physics there is Height, width, and length?

What about the fourth dimension(and not time) :

It is hard for us 3D people to think 4D.  So that seems to be the same for people who do not live in Cyber, they just DO NOT get the details!!!   It does not matter how much I try to explain the details, 4D is too much of a leap for some.

 

So I think Cyber is just too difficult or maybe a better word is ‘strange‘ of a concept for many people.

 

****UPDATED 4/19 12pm Central******

An interesting story about Russia attacking US and UK routers…

https://mashable.com/2018/04/17/russian-router-warning-us-uk/#slGg.DbuWsqF

Remember my post on 3/13/18?  http://oversitesentry.com/replace-your-wi-fi-router-if-2yr-old/

some good quotes from the mashable article:

‘These “cyber actors” are identifying vulnerable devices to break into, where they can extract device configurations, harvest login details, and control the traffic that goes through the router.’

 

A quick review from my post  — you can’t patch older than 2 years routers, as they are not being patched by manufacturers.

********************************

The compliance departments are reverse engineering the effects of a breach and Cyber understanding.   It is too difficult to decipher code, so we say don’t perform CC processing without encryption.  We don’t say what the encryption is and how it should be sent. There are many more pitfalls for a manager without technical knowledge.

If Hackers can steal data of your prized customers with a thermometer, then what else can they do?

So what to do? Create Cyber audits to review the IT world in your entity. Otherwise you will see headlines that you will not like.

Contact Us to discuss

 

 

Risk Management Should Be: Known Threats Evaluated – Find Unknown Threats

It is a known fact that Risk management looks in the known facts department.  As we try to evaluate what issue to focus on.

Nowhere is this Security as last point of order more evident than in the Cryptocurrency markets being created with ICO’s (Initial Coin Offerings).

You would think that when setting up an ICO which is based on a Cryptological currency the security of the venture would not be an afterthought. But it apparently was several times as stated in ZDNet article  Cryptocurrency Catastrophes of 2017.

wallet addresses were changed on websites and million$ were stolen in the form of ethereum coins.

I am not interested in the Cryptocurrency market, but am interested in human psychology and efforts. In this new field it apparently does not dawn on many CEO’s of these new entities that security should be a central tenet in their business model. Especially since their venture is completely digital, i.e. constructed in a computer.

We as humans have a hard time with focusing on security. As it is hard enough to create an ICO and a cryptocurrency so when it is time to develop the website to sell  or manage cryptocurrencies the security is an afterhought?

Why are we always behind?

  1. July – Coindash ICO $7.4mil stolen
  2. Veritaseum’s ICO $8mil stolen
  3. Parity  wallet  $30mil stolen
  4. November: Tether $30.9 mil stolen
  5. User found vulnerability and exploited it thus freezing $160 mil in funds.

There were a bunch of scams as well, but those I am not interested in. So $76mil were stolen and $160mil frozen due to a lack of preparedness and misunderstanding of Cybersecurity.

Why is it we always focus on cybersecurity after something happens? After an issue occurs, thus making it known.

 

The problem we have in Cybersecurity is to focus a little bit of our time and effort before known issues come into being.

Contact Me to discuss this in detail as we can forge a path forward in this new digital age.

 

 

As Technology Changes Faster “Remember The Basics”

I like Jonas Bjerg’s YouTube video of “How Abundance Will Change The World”

Elon Musk  predicts 100 Gigafactories in the world(of which he will build 4)

Peter Diamandis  and Elon were at the World Government Summit 2017.

Cost per Genome is going down and has gone down exponentially.

Quick review of video: ‘So robots will take over, the world will have abundance and people will lose meaning (having lost their jobs)’.

So what will happen to friction of all this? When have you known people to actively agree 100% with how technology has gone along?  As usual there is no thought to security.

What about crime?

I know, I am in Cybersecurity field, and to me it is simple to see, when “some” people lose their jobs to robots, they may become hackers and either create new crime syndicates, or work for an already successful syndicate.

Maybe I want to make more money than from the Universal Basic Income that some are proposing once many of the drivers and doctors are out of a job. How will I make more money? by figuring out a way to get a piece of the cyber slice$ that is around “in abundance”

Then we have a Dark Reading post ‘Back to Basics’ Might be your best Security weapon

Here Lee Waskevich’ commentary points out what I have said for many blogposts: We must focus on the basics first then we can point out the more advanced issues.

So let’s train our employees to find the scams in our mailbox (email and mail)  SCMagazine points out a survey that found 32% of Britons would become a money mule for criminals.  The issue is that unemployed people talk themselves into many things, especially if they have no previous arrest records.

In this Blog we know that people do illegal things and companies and people must defend themselves appropriately. Even as technologies become increasingly complex with more robotics and electrification of everything. (I always wonder why we focus on Cybersecurity AFTER a breach has occurred).

Let’s put 10% of our efforts into Cybersecurity and then we will be better off. Contact Us to review your Cybersecurity profile.

Ok, that’s good, but what about the Crypto Currency craze? There will and are thefts here – Hot for Security has a story on how $400k was stolen in BlackWallet application using DNS, and as you can see right now 1/16/2018  13:30 the site is down.

So what does that mean? If you are involved with money and even crypto currencies you better be testing your environment for cyber attacks.

What will 2018 bring to Cybersecurity?

Happy New Year 2018 very soon!!!

This is a good time to review the technologies that are shaping our lives which means what to Cybersecurity?


Amazon, iPhone devices, Android devices… these are technological breakthroughs that are quickly changing their technological landscape to either enhance user friendliness and features or to be the better brand or flagship product type in the technological category they belong. This means more Internet connectivity, not less.

What does more Internet mean? Does more function mean less security? Based on statistics, one thing is for sure, this means cybersecurity will be more important in 2018. Because as you will see more connectivity means a ripple will cause more problems, so we _have_ to focus on cybersecurity a certain amount or this decision of apathy to cybersecurity will cause you regret.

If we look back to the year 2015, in one of our blogposts, we discussed the relevance of the Cisco VNI (Visual Networking Index) forecast. In 2015, the projection as to how many devices will be connected to the Internet to be an immense 24 billion devices by 2019. Current day VNI projection are showing a much larger number than the 2015 projection, with numbers now at 29.1 billion, although closer, we should get even better projections as time goes on.

What is the relevance of this then? It means the number of connections to the Internet has grown exponentially, no mention of the data usage we have when plugged in to the net. More devices, means more occurrences of net usage. More net usage means a wider variety of data transfer and traffic. More data traffic means more open opportunity to risk factors that may lead to higher risk in cybersecurity.

What is alarming is when we think about how much of that number is criminal traffic and how much of that is checking your defenses. We want to advance to a new level by increasing capabilities but we may be overlooking that more capabilities mean more chances of risk. In many cases, we don’t see the possibilities of where risk may come about, because we are focused on making it work or creating revenue. So do we see the increase of possibilities and opportunities that we have increases technological capabilities and Risk analysis complexity?

That is why, developing a risk analysis process is important. It is not only a review of how much and what kind of Internet occurrences you have but a check on the data load you use. Alongside this realization of data transfer, it is pertinent that you do optimal checks and create regular controls updates within your your organization. Having an external risk auditor will help a lot in knowing how much more protection you need to uphold or how much risk oversight you need to work on. If you value the investment you have worked on, it always pays back to also value its maintenance through cyber protection. Contact us, to learn more.