Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Key Biscayne Hit by Cybersecurity Attack
tdsan
User Rank: Ninja
7/5/2019 | 7:35:42 PM
Re: Burnt by the Stove
I am definitely in agreement with you there. All the points you stated were right on. But you have to ask yourself: if we continue to do the same thing (the definition of insanity is continuing to do the same thing while expecting a different outcome) and the ransomware continues to get into the system, that means one of three things:
  • The security systems we have in place are not doing their job, and the people managing them are not up to par
  • We need to start looking at security from a different perspective or approach, because quite frankly this is not working, and apply a different set of rules
  • Finally, we have to address the issue with executives; they, along with the rest, are not listening to our concerns

I brought up numerous points and suggested to the group: "how do we secure a protocol (IPv4) that is not securable?" (this question came from a buddy of mine by the name of Mike). How are we addressing different scenarios using the same methods and the same tools, and ransomware still gets through? That means our design and concepts of thinking have to change. Look at what Kevin Mitnick said:

He stated that AV is basically useless; he was able to exploit a vulnerability in the application (Adobe Acrobat XI, or 11) where the AV scanned it twice and said it was OK (he even said McAfee is good only for making videos, wow). Look at what he found: the malware is installed on your machine, and this is with PDFs. This is just one example of how the hacker is getting into the network: the file is downloaded to the desktop, then the file starts to encrypt your filesystem within one minute of being opened.

What I have found is that we need to start looking at the following:
  • Move to IPv6, utilize IPsec ESP/AH (Encapsulated Secured Payload and Authenticated Headers) VPN capability
  • Install HIDS on the workstations/desktops (this will help with the execution of applications that could be considered problematic)
  • Encryption should not be an option, it should be required
  • NIPS (Network Intrusion Prevention System) should be installed as well; this will help with identifying traffic that comes in and out of the network, and it can stop the application from processing or continuing
  • NGFW (NG = Next Generation Firewall) - should be able to capture and filter traffic that is considered nefarious
  • NGAV - we have AVs that perform machine learning; we need to purchase and enable this software because the signature approach is no longer working, and we need the software to be able to make decisions based on what it has learned
  • There should be a centralized brain where the logs, NIDPS (Network Intrusion and Prevention System), HIDS, NGFW, and NGAV all tie into the same system, but this SIEM is intelligent enough and fast enough to create quasi-Big-Data correlations; this should be done in real time. Also, the system needs to be intelligent enough to make a decision based on the level of confidence without user intervention
  • We need to invoke two-user access/authentication to data (require two users to turn a key at the same time while one works on that system, similar to the way missiles are launched)

Todd
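The last bullet above describes dual control (the "two-person rule"). The following is an added illustration of how such a gate can be enforced in software; it is not code from this thread, from Dark Reading, or from any product the commenters mention. Everything in it is assumed for the example: approvals are HMAC-SHA256 tags over (action, approver, timestamp) computed with a per-approver secret the gate holds, two distinct approvers must approve within a short window (the "turn the keys at the same time" requirement), and the operator performing the action may not count as one of the approvers.

```python
"""Dual-control ("two-person rule") gate for a privileged data operation.

Added illustration; not code from the Dark Reading thread or any product.
Assumptions (constructed for this example): each approver holds a secret,
an approval is an HMAC-SHA256 tag over "action|approver|timestamp", two
distinct approvers must approve within WINDOW_SECONDS, and the operator who
performs the action cannot be one of the approvers.
"""
import hashlib
import hmac
from dataclasses import dataclass

# "Turn the keys at the same time": approvals must be near-simultaneous.
WINDOW_SECONDS = 30

# Constructed per-approver secrets. In a real deployment these would live in
# hardware tokens or an identity provider, never in source code.
APPROVER_SECRETS = {
    "alice": b"alice-secret-constructed",
    "bob": b"bob-secret-constructed",
    "carol": b"carol-secret-constructed",
}


@dataclass(frozen=True)
class Approval:
    approver: str
    action: str
    issued_at: int  # seconds since epoch (an integer keeps the example deterministic)
    tag: str        # hex HMAC-SHA256 over the message below


def _message(action: str, approver: str, issued_at: int) -> bytes:
    return f"{action}|{approver}|{issued_at}".encode()


def issue_approval(approver: str, action: str, issued_at: int) -> Approval:
    """An approver signs the action with their own secret (simulates turning a key)."""
    tag = hmac.new(APPROVER_SECRETS[approver],
                   _message(action, approver, issued_at),
                   hashlib.sha256).hexdigest()
    return Approval(approver, action, issued_at, tag)


def verify_approval(a: Approval, now: int) -> bool:
    """True only if the tag is genuine for this approver and the approval is fresh."""
    secret = APPROVER_SECRETS.get(a.approver)
    if secret is None:
        return False
    expected = hmac.new(secret, _message(a.action, a.approver, a.issued_at),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, a.tag):  # constant-time comparison
        return False
    return 0 <= now - a.issued_at <= WINDOW_SECONDS  # reject stale or future-dated


def authorize(operator: str, action: str, approvals: list, now: int) -> tuple:
    """Return (allowed, reason).

    Requires two distinct approvers with valid, fresh approvals for exactly this
    action, neither of whom is the operator carrying it out.
    """
    valid = [a for a in approvals if a.action == action and verify_approval(a, now)]
    approvers = {a.approver for a in valid}
    if operator in approvers:
        return False, "operator cannot approve their own action"
    if len(approvers) < 2:
        return False, f"need 2 distinct approvers, have {len(approvers)}"
    return True, "dual control satisfied"


if __name__ == "__main__":
    action = "export-customer-db"  # constructed sample action name
    now = 1000
    keys = [issue_approval("alice", action, now - 10),
            issue_approval("bob", action, now - 5)]
    print(authorize("dave", action, keys, now))   # (True, 'dual control satisfied')
    print(authorize("alice", action, keys, now))  # operator is also an approver: denied
    print(authorize("dave", action, keys[:1], now))  # only one key turned: denied
```

The checks that matter for the "missile launch" property are the distinctness of the approver set, the freshness window, and the operator exclusion; dropping any one of them collapses the control back to single-person access. Approvals are bound to a specific action string so that a key turned for one operation cannot be replayed for another.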
bushmann
User Rank: Apprentice
7/5/2019 | 10:40:36 AM
Re: Burnt by the Stove
I take a different view on this - blame the security folks, including myself. We keep talking about the same things over and over, like compliance checkboxes, audit lists, regulations, organizational culture change, etc., but how about viewing all these as our security partners/tools contributing to securing assets in a holistic and comprehensive way? Business executives understand these checkboxes, whereas security folks don't and keep crying foul. When a breach occurs in your organization, who stands in front of the media, the security folks or your business?

Security is a part of the overall business and must be viewed as a trusted advisor/partner to the business in identifying risk, educating business owners about risk, and recommending controls to reduce risk, but the business ultimately makes the final business decision because it owns the risk. Who pays for any security controls/programs in your organization? Who do you report to in your organization - the business, right?

As security professionals, let's embrace regulations, compliance, audit, and whatever tools we can use to help the business reduce its risk exposure. Stop complaining and finger-pointing. Let's take a hard look inward and realize that we too contribute to this issue; that's why security for the longest time has had no seat at the table with the board.

My two cents
rcash
User Rank: Strategist
7/1/2019 | 5:26:08 PM
Compliance mentality trains reaction
We are all on a journey towards information security, and a significant obstacle is the paradigm imposed on a given organization by 'the compliance mentality'. It suggests that there is a plateau or end point where nothing else is needed, and then during cyclical risk assessment come the reactionary and predictably goal-oriented checklists and their check boxes. This antagonizes maturity progress due to the institutionalized inertia it creates. Sincerely, there needs to be a sober industry-wide relook at what compliance means, and how it can effectively get businesses to a specified level of security without quenching the desire to be effectively proactive.
tdsan
User Rank: Ninja
6/30/2019 | 2:37:14 PM
Re: ransomware
I agree with you, but we have to have people who are willing to listen. With this new generation of security and executives, hopefully they will be more open to the conversation than our predecessors.

If not, then their rise to prominence will be riddled with age old problems.

Todd
RyanSepe
User Rank: Ninja
6/30/2019 | 10:34:31 AM
Re: ransomware
Agreed. These are the day-to-day discussions that, as security practitioners, we must have: "What is the risk? What is the assessed value?" The important thing is to have an audience with key stakeholders who truly understand the importance of security and don't just think of the function as a compliance checkbox.
tdsan
User Rank: Ninja
6/29/2019 | 8:27:22 PM
Re: ransomware
Interesting. I do agree with the relevance of data, but to your point, if the data has been depreciated (not used for some time, or years), then the issue may not be as relevant. But do you report it to GDPR (even if you have controls or appliances in place to address the issue)? That is usually an executive decision.

But yes, I do agree it depends on the value of the data, but when you talk to an executive, they often go overboard, so it depends who you are talking to and at what time of day, lol.

That's not good enough
RyanSepe
User Rank: Ninja
6/29/2019 | 7:44:28 PM
Re: Burnt by the Stove
"This is exactly true. Until get hit not understanding true importance of being protected from attacks."

Most definitely. It's still very unfortunate however that organizations are still on the path of reacting over being proactive.
RyanSepe
User Rank: Ninja
6/29/2019 | 7:42:52 PM
Re: ransomware
Agreed but really depends on the data stolen. For something like this yes but if the data was PHI then it could affect patient care.
tdsan
User Rank: Ninja
6/29/2019 | 6:20:12 PM
Re: Burnt by the Stove
Well, that is what your security staff is there for. If the staff cannot express their concerns to executive members, then there needs to be a conversation with the oversight committee or the Chairman's office that can push their initiative. It will take time, but it can happen (they need to build alliances first before moving forward, and maybe educate the internal staff members so their message will come from everyone - IT social awareness).

T
tdsan
User Rank: Ninja
6/29/2019 | 6:16:48 PM
Re: ransomware
Interesting. Tell that to the admin staff and executive offices; they are in a panic when this happens.

You can't tell them anything, lol.

T