While everybody has been discussing the Coronavirus and the elections, we have been focused on providing you with the best application security guidance and news out there.
The March edition of this newsletter brings two new ReThink articles and a variety of interesting articles that I’ve found this month. The threat landscape is evolving. Attackers continue to use novel attack vectors and techniques to gain access to networks and systems.
We are starting to see attackers pivoting from ransomware to other types of attacks that can do more damage and result in higher success (payment) rates. Attackers do this by gaining access, then establishing persistence on a network, expanding their reach quietly, then exfiltrating interesting data to an offsite location. Once that is done they can perform other extortion-type attacks, including deletion, encryption, and public disclosure of sensitive data. These trends have resulted in the weaponization of more attack vectors beyond what we’ve seen in the past. Defending your network, applications, and users has never been more pressing.
Recent ReThink Articles
Joe spent the last few weeks exploring the darkweb to uncover the tools and techniques that attackers use to gain access to illicit information. He also shared how attackers buy and sell data once they’ve breached a system. It’s fascinating to see how various types of data are being sold on the black market, what their market value is, and how easy it is to make these transactions.
Jason wrote a piece about how important it is to focus on people first when we want to make a security impact within the enterprise. It’s easy to get wrapped up in the latest tool or vendor solution, especially as you walk the halls of RSA and listen to vendor claims, or read the latest white paper that claims it can solve all of your security problems. Remember we’ve been here before. A holistic solution involving people, tools, network and application security is our only chance to defend against the types of threats and risks we see today.
More Security Headlines
I’ve started to use WARP from CloudFlare. This enables a number of powerful network security features to help protect your mobile devices. It uses their 1.1.1.1 DNS resolver over TLS and adds a VPN tunnel to their network. This encrypts all requests (including DNS requests) and all traffic. They’ve focused on making it performant, reducing the speed and battery life overhead normally associated with similar solutions. Oh, and their base version is free.
Imagine what an attacker could do with 5 months of unfettered access to your network. That’s the question that Citrix had to grapple with recently. This aligns with what I think of as the current generation of more advanced attackers. Gone are the days of dropping ransomware and leaving. The threat to your company is wider and deeper than ever before.
Puerto Rico lost $2.6M in a phishing scam. Phishing is still a very real attack vector. Train your users, enable 2FA, and put risk-based solutions in place to protect yourself. This example underscores that attackers will target the softest targets first with no thought of who it may affect.
Researchers have found that many Cisco devices are vulnerable to attacks which may allow an attacker to breach networks, execute remote code, exfiltrate data, or gain access to devices and intercept data. This is a major security flaw that needs to be addressed quickly. There are no workarounds for many of these issues: disabling or upgrading the device is the only solution.
Students from Harvard did some interesting research, collating data breaches from Darknet data dumps and other sources to create a more complete picture of individual users. They found they could trivially aggregate this information, significantly increasing the risk that any one data breach poses to the people in it.
A (US-born) Raytheon engineer was arrested for taking US defense secrets to China. This highlights how difficult it is to protect information. At some point you have to trust users with sensitive data. DLP vendors will tell you that they can help, but just ask your nearest security researcher about the myriad ways of exfiltrating data from a network and you’ll understand the extent of the issue. We have to protect our data at an appropriate level based upon the value of that data to attackers.