Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Key Biscayne Hit by Cybersecurity Attack
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
tdsan
50%
50%
tdsan,
 User Rank: Ninja
7/5/2019 | 7:35:42 PM
Re: Burnt by the Stove
I am definitely in agreement with you there. All the points you stated were right on. But you have to ask yourself, if we continue to do the same thing (definition of insanity is continue to do the same thing expecting a different outcome) and the Ransomware continues to get into the system, that means one of three things:
  • The security systems we have in place are not doing their job and the people managing them are not up to par
  • We need to start looking at security from a different perspective or approach, because quite frankly, this is not working and apply a different set of rules
  • Finally, we have address the issue with executives and they along with the rest are not listening to our concerns

I brought numerous points and suggested to the group on "how do we secure a protocol (IPv4) that is not securable (this question from a buddy of mine by the name of Mike)"? How are we addressing different scenarious using the same methods using the same tools and Ransomware still gets through? That means our design and concepts of thinking has to change, look at what Kevin Mitnik said:

He stated, AV is basically useless, he was able to exploit a vulnerability in the application (Adobe Acrobat Xi or 11) where the AV scanned it twice and said it was ok (he even said McAfee is good for only making video, wow). Look at what he found, the malware is installed on your machine and this is with PDFs. This is just one example of how the hacker is getting into the network, the file is being downloaded to the desktop, then file starts to encrypt your filesystem within one minute of file being opened.

What I have found is that we need to start looking at the following:
  • Move to IPv6, utilize IPsec ESP/AH (Encapsulated Secured Payload and Authenticated Headers) VPN capability
  • Install HIDS on the workstations/desktops (this will help with the execution of applications that could be considered problematic)
  • Encryption should not be an option, it should be required
  • NIPS (Network Intrusion Prevention System) should be installed as well, this will help with identying traffic that comes in and out of the network and it can stop the application from processing or continuing
  • NGFW (NG = Next Generation Firewall) - should be able to capture and filter traffic that is considered nefarious
  • NGAV - we have AVs that perform machine learning, we need to purchase and enable this software because the signature approach is no longer working, we need the software to be able to make decions based on what it has learned
  • There should be a centralized brain where the logs, NIDPS (Network Intrusion and Prevention System), HIDS, NGFW, NGAV all tie into the same system but this SIEM is intelligent enough and fast enough to create quasi-Big-Data  correlations, this should be done in real-time; also, the system needs to be intelligent enough to make a decision based on the level of confidence without user intervention
  • We need to invoke two user access/authentication to data (require two users to turn a key at the same time while one works on that system, similar to way missiles are launched)

Todd
bushmann
50%
50%
bushmann,
 User Rank: Apprentice
7/5/2019 | 10:40:36 AM
Re: Burnt by the Stove
I take a different view on this - blame the Security folks including myself. We keep talking the same thing over and over, like compliance checkboxes, audit list, regulations, organizational change cultures, etc but how about viewing all these as our security partners/tools contributing to secure assets in a holistic and comprehensive way. Business executives understand these checkboxes, whereas security folks don't and keep crying fault. When a breach occurs in your organization, who stands in front of the media, security folks or your business?

Security is a part of the overall business and must be viewed as a trusted advisor/partner to the business in identifying risk, educate business owners about risk, recommend controls to reduce risk but the business ultimately makes the final business decision because they own the risk. Who pays for any security controls/programs in your organization? Who do you report to in your organization - business, right?

As security professionals, let's embrace regulations, compliance, audit, and whatever tools that we can use to help business reduce their risk exposure. Stop complaining and finger-pointing. Let's take a hard look inwardly and realize that we too contribute to this issue, that's why security for the longest time have no seat at the table with the board.

My two cents

 
rcash
50%
50%
rcash,
 User Rank: Strategist
7/1/2019 | 5:26:08 PM
Compliance mentality trains reaction
We are all on a journey towards Information Security and a significant obstacle is the paradigm imposed on a given organization by 'the compliance mentality'. It suggests that there is a plateu or end point where nothing else is needed, and then during cyclical risk-assesment comes the reactionary and predictably goal-oriented checklists and their check boxes.  This antagonizes maturiy progress due to the instituionalized inertia it creates.  Sincerely, there needs to be a sober industry-wide relook to what copmpliance means, and how it can effectively get businesses to a specified level of security without quenching the desire to be effectively proactive.
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/30/2019 | 2:37:14 PM
Re: ransomware
I agree with you, but we have to have people who are willing to listen. With this new generation of security and executives, hopefully they will be more open to the conversation than our predecessors.

If not, then their rise to prominence will be riddled with age old problems.

Todd
RyanSepe
50%
50%
RyanSepe,
 User Rank: Ninja
6/30/2019 | 10:34:31 AM
Re: ransomware
Agreed. These are the day to day discussions that as security practioners we must have. "What is the risk?, What is the assessed value?" The important thing is to have an audience with key stakeholders that truly understand the importance of security and don't just think of the funciton as a compliance checkbox.
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/29/2019 | 8:27:22 PM
Re: ransomware
Interesting, I do agree with the relevance of data but to your point, if the data has  been depreciated (not used for sometime or years), then the issue may not be as relevant, but do you report it to GDPR (even if you have controls or appliances in place to address the issue, that is usually an executive decision).

But yes, I do agree it depends on the value of data but when you talk to an executive, they often go overboard so it depends who are talking to and at what time of day, lol.

That's not good enough
RyanSepe
50%
50%
RyanSepe,
 User Rank: Ninja
6/29/2019 | 7:44:28 PM
Re: Burnt by the Stove
"This is exactly true. Until get hit not understanding true importance of being protected from attacks."

Most definitely. It's still very unfortunate however that organizations are still on the path of reacting over being proactive.
RyanSepe
50%
50%
RyanSepe,
 User Rank: Ninja
6/29/2019 | 7:42:52 PM
Re: ransomware
Agreed but really depends on the data stolen. For something like this yes but if the data was PHI then it could affect patient care.
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/29/2019 | 6:20:12 PM
Re: Burnt by the Stove
Well that is what your security staff is there for. If the staff cannot express their concerns to executive members, then there needs to be a conversation with the oversight commitee or the Chairman's office that can push their initiative. It will take time but it can happen (they need to build alliances first before moving forward and maybe educating the internal staff members so their message will come from everyone - IT Social Awareness).

T
tdsan
50%
50%
tdsan,
 User Rank: Ninja
6/29/2019 | 6:16:48 PM
Re: ransomware
Interesting, tell that to the admin staff and executive offices, they are in a panic when this happens.

You can't tell them anything, lol.

T
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37759
PUBLISHED: 2021-07-31
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
PUBLISHED: 2021-07-31
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
PUBLISHED: 2021-07-31
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.