Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Key Biscayne Hit by Cybersecurity Attack
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
tdsan
50%
50%
tdsan,
 User Rank: Ninja
7/5/2019 | 7:35:42 PM
Re: Burnt by the Stove
I am definitely in agreement with you there. All the points you stated were right on. But you have to ask yourself, if we continue to do the same thing (definition of insanity is continue to do the same thing expecting a different outcome) and the Ransomware continues to get into the system, that means one of three things:
  • The security systems we have in place are not doing their job and the people managing them are not up to par
  • We need to start looking at security from a different perspective or approach, because quite frankly, this is not working and apply a different set of rules
  • Finally, we have address the issue with executives and they along with the rest are not listening to our concerns

I brought numerous points and suggested to the group on "how do we secure a protocol (IPv4) that is not securable (this question from a buddy of mine by the name of Mike)"? How are we addressing different scenarious using the same methods using the same tools and Ransomware still gets through? That means our design and concepts of thinking has to change, look at what Kevin Mitnik said:

He stated, AV is basically useless, he was able to exploit a vulnerability in the application (Adobe Acrobat Xi or 11) where the AV scanned it twice and said it was ok (he even said McAfee is good for only making video, wow). Look at what he found, the malware is installed on your machine and this is with PDFs. This is just one example of how the hacker is getting into the network, the file is being downloaded to the desktop, then file starts to encrypt your filesystem within one minute of file being opened.

What I have found is that we need to start looking at the following:
  • Move to IPv6, utilize IPsec ESP/AH (Encapsulated Secured Payload and Authenticated Headers) VPN capability
  • Install HIDS on the workstations/desktops (this will help with the execution of applications that could be considered problematic)
  • Encryption should not be an option, it should be required
  • NIPS (Network Intrusion Prevention System) should be installed as well, this will help with identying traffic that comes in and out of the network and it can stop the application from processing or continuing
  • NGFW (NG = Next Generation Firewall) - should be able to capture and filter traffic that is considered nefarious
  • NGAV - we have AVs that perform machine learning, we need to purchase and enable this software because the signature approach is no longer working, we need the software to be able to make decions based on what it has learned
  • There should be a centralized brain where the logs, NIDPS (Network Intrusion and Prevention System), HIDS, NGFW, NGAV all tie into the same system but this SIEM is intelligent enough and fast enough to create quasi-Big-Data  correlations, this should be done in real-time; also, the system needs to be intelligent enough to make a decision based on the level of confidence without user intervention
  • We need to invoke two user access/authentication to data (require two users to turn a key at the same time while one works on that system, similar to way missiles are launched)

Todd
bushmann
50%
50%
bushmann,
 User Rank: Apprentice
7/5/2019 | 10:40:36 AM
Re: Burnt by the Stove
I take a different view on this - blame the Security folks including myself. We keep talking the same thing over and over, like compliance checkboxes, audit list, regulations, organizational change cultures, etc but how about viewing all these as our security partners/tools contributing to secure assets in a holistic and comprehensive way. Business executives understand these checkboxes, whereas security folks don't and keep crying fault. When a breach occurs in your organization, who stands in front of the media, security folks or your business?

Security is a part of the overall business and must be viewed as a trusted advisor/partner to the business in identifying risk, educate business owners about risk, recommend controls to reduce risk but the business ultimately makes the final business decision because they own the risk. Who pays for any security controls/programs in your organization? Who do you report to in your organization - business, right?

As security professionals, let's embrace regulations, compliance, audit, and whatever tools that we can use to help business reduce their risk exposure. Stop complaining and finger-pointing. Let's take a hard look inwardly and realize that we too contribute to this issue, that's why security for the longest time have no seat at the table with the board.

My two cents

 
rcash
50%
50%
rcash,
 User Rank: Strategist
7/1/2019 | 5:26:08 PM
Compliance mentality trains reaction
We are all on a journey towards Information Security and a significant obstacle is the paradigm imposed on a given organization by 'the compliance mentality'. It suggests that there is a plateu or end point where nothing else is needed, and then during cyclical risk-assesment comes the reactionary and predictably goal-oriented checklists and their check boxes.  This antagonizes maturiy progress due to the instituionalized inertia it creates.  Sincerely, there needs to be a sober industry-wide relook to what copmpliance means, and how it can effectively get businesses to a specified level of security without quenching the desire to be effectively proactive.
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/30/2019 | 2:37:14 PM
Re: ransomware
I agree with you, but we have to have people who are willing to listen. With this new generation of security and executives, hopefully they will be more open to the conversation than our predecessors.

If not, then their rise to prominence will be riddled with age old problems.

Todd
RyanSepe
50%
50%
RyanSepe,
 User Rank: Ninja
6/30/2019 | 10:34:31 AM
Re: ransomware
Agreed. These are the day to day discussions that as security practioners we must have. "What is the risk?, What is the assessed value?" The important thing is to have an audience with key stakeholders that truly understand the importance of security and don't just think of the funciton as a compliance checkbox.
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/29/2019 | 8:27:22 PM
Re: ransomware
Interesting, I do agree with the relevance of data but to your point, if the data has  been depreciated (not used for sometime or years), then the issue may not be as relevant, but do you report it to GDPR (even if you have controls or appliances in place to address the issue, that is usually an executive decision).

But yes, I do agree it depends on the value of data but when you talk to an executive, they often go overboard so it depends who are talking to and at what time of day, lol.

That's not good enough
RyanSepe
50%
50%
RyanSepe,
 User Rank: Ninja
6/29/2019 | 7:44:28 PM
Re: Burnt by the Stove
"This is exactly true. Until get hit not understanding true importance of being protected from attacks."

Most definitely. It's still very unfortunate however that organizations are still on the path of reacting over being proactive.
RyanSepe
50%
50%
RyanSepe,
 User Rank: Ninja
6/29/2019 | 7:42:52 PM
Re: ransomware
Agreed but really depends on the data stolen. For something like this yes but if the data was PHI then it could affect patient care.
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/29/2019 | 6:20:12 PM
Re: Burnt by the Stove
Well that is what your security staff is there for. If the staff cannot express their concerns to executive members, then there needs to be a conversation with the oversight commitee or the Chairman's office that can push their initiative. It will take time but it can happen (they need to build alliances first before moving forward and maybe educating the internal staff members so their message will come from everyone - IT Social Awareness).

T
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/29/2019 | 6:16:48 PM
Re: ransomware
Interesting, tell that to the admin staff and executive offices, they are in a panic when this happens.

You can't tell them anything, lol.

T
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.