Google Is Ga-Ga Over Security Key

LARRY LOEB | December 28, 2016

article image
Most systems require users to provide verification of their identities to log in. This is usually done with passwords that serve as a security key. Some situations call for two-factor authentication (2FA). That means that the system sends the user information and then requires the user to repeat it. Just how that information gets sent and repeated, however, has been under discussion for a while.

Spotlight

Zivaro

With a legacy spanning over twenty years, Zivaro is a veteran in the Colorado tech space. Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments. With deep roots in Hybrid IT, Security, Collaboration, and Analytics, we support clients across a broad spectrum of industries with IT strategy, planning, implementation and IT operations. The world has gone digital, and change is constant, but our commitment to solving your challenges and providing measurable results will never change.

OTHER ARTICLES

Here’s What Universities Need to Know About Cyber-Attacks

Article | June 1, 2021

Over the last year, the education delivery model has changed rapidly. Universities have learnt to operate entirely remotely and now that learning may resume in person, a hybrid education model will likely continue. The transition from physical to online models happened so quickly that it left many IT networks exposed to serious harm from outside forces. With a hybrid model, there is likely a widening attack surface area. A recent spate of attacks suggests that cyber-criminals are taking notice of the seemingly infinite weaknesses in learning centers defenses. But why? One of the primary reasons is that universities operate large corporate-sized networks, but without the budgets to match. Add to that, teachers and students aren’t given training to use and connect their technology in a safe way. To avoid falling victim to devastating cyber-attacks which often have dire consequences, we share three lessons universities need to quickly take on board. Your Research is Valuable to Cyber-Criminals There is a hefty price tag on some of the research conducted by universities, which makes it particularly attractive to cyber-criminals. The University of Oxford’s Division of Structural Biology was targeted in February by hackers snooping around, potentially in search of information about the vaccine the university has worked on with AstraZeneca. It’s not just gangs of cyber-criminals targeting research facilities, last year Russian state backed hackers were accused by official sources in the US, UK and Canada of trying to steal COVID-19 vaccine and treatment research. With world-leading research hidden in the networks of universities, its unsurprising that last year over half (54%) of universities surveyed said that they had reported a breach to the ICO (Information Commissioner’s Office). The research conducted by many UK universities makes them an attractive target for financially motivated cyber-criminals and state-sponsored hackers in search of valuable intellectual property. To add insult to injury, ransomware attackers are doubling their opportunity for pay off by selling off the stolen information to the highest bidder, causing a serious headache for the victims while potentially increasing the value of their pay-out. Personal Information of Students and Staff Can Easily Fall into the Wrong Hands Based on tests of UK university defenses, hackers were able to obtain ‘high-value’ data within two hours in every case. In many cases, successful cyber-attacks are followed by not only a ransom note demanding payment for the recovery of frozen or stolen data, but also the added threat of sharing any sensitive stolen information with the public.

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

Cybersecurity: Five Key Questions The CEO Must Ask

Article | December 15, 2020

Just about every single day, somewhere in the world, a company falls victim to cyber attackers, even with millions spent on cybersecurity. Every company is a target because they have data and there are too many doors, windows and entryways for cyber attackers to get in, whether on-premise or in the cloud. It is not a question of if, but when, the attackers will get in. Prevention efforts are of course important, but since attackers will get in, equal attention must be on detection going forward. And the focus must be on early detection, otherwise, it will be too late. My book, Next Level Cybersecurity, is based on intensive reviews of the world’s largest hacks and uncovers the signals of the attackers that companies are either missing or don’t know how to detect early, apart from all of the noise. So, the attackers are slipping by the cybersecurity, staying undetected and stealing data or committing other harm. In the book I explain the Cyber Attack Chain. It is a simplified model that shows the steps that cyber attackers tend to follow in just about every single hack. There are five steps: external reconnaissance; intrusion; lateral movement; command and control; and execution. At each step, there will be signals of the attackers’ behavior and activity. But the signals in the intrusion, lateral movement and command and control steps provide the greatest value because they are timely. The external reconnaissance step is very early and the signals may not materialize into an attack, while detecting signals in the execution step is too late because by this time the data theft or harm will have already occurred. My research uncovered 15 major signals in the intrusion, lateral movement and command and control steps that should be the focus of detection. My research of the world’s largest hacks reveals that if the company had detected signals of the attackers early, in the intrusion, lateral movement or command and control steps, they would have been able to stop the hack and prevent the loss or damage. My book shows how to detect the signals in time, using a seven-step early detection method. One of the key steps in this method is to map relevant signals to the Crown Jewels (crucial data, IP or other assets). It is a great use case for machine learning and AI. There is a lot of noise, so machine learning and AI can help eliminate false positives and expose the attackers’ signals early to stop the hack. There are two blind spots that just about every single company world-wide faces that cyber attackers will exploit, beginning in 2019, that companies must get on top of. One blind spot is the cloud. There is a false sense of comfort and lack of attention to detection, thinking the cloud is safer because of the cloud provider’s cybersecurity or because the cloud provider has an out-of-the-box monitoring system. However, if the company fails to identify all Crown Jewels and map all relevant cyber attacker signals for the monitoring, the attackers will get in, remain undetected and steal data or commit other harm in the cloud. The other blind spot is Internet of Things (IoT). IoT devices (e.g. smart TVs, webcams, routers, sensors, etc.), with 5G on the way, will be ubiquitous in companies world-wide. While IoT devices provide many benefits, they are a weak link in the chain due to poor built-in security and lack of monitoring. Cyber attackers will focus on IoT devices to make the intrusion, then pivot to get to the Crown Jewels. Detecting early signals of cyber attackers trying to exploit IoT devices will be critical. Companies world-wide need to make cybersecurity a priority, starting in the board room and with the CEO. It all starts at the top. My intensive reviews of the world’s largest hacks reveal in each case a common theme: inadequate or missing CEO and board cybersecurity oversight. Here are five key questions from my book that the CEO must take the lead on and together with the board ask of the management team to make sure the company will not become the next victim of cyber attackers and suffer significant financial and reputational harm: Have we identified all of our Crown Jewels and are not missing any? Do we know where all of the Crown Jewels are located? Have we identified all of the ways cyber attackers could get to the Crown Jewels? Have we mapped high probability signals of cyber attackers trying to get to the Crown Jewels with each Crown Jewel? Are we sifting through all of the noise to detect signals early and reporting to the CEO and the board in a dashboard report for timely oversight? If your answer is No to any of the questions or you are unsure, you have a gap or blind spot and are at risk, and you must follow up to get to a high confidence Yes answer. In my book, Next Level Cybersecurity, I provide other key questions to ask and a practical seven-step method to take cybersecurity to the next level to stay one step ahead of the attackers. It is written in plain language for boards, executives and management, so everyone can get on the same page and together mitigate one of the most significant and disruptive risks faced today, cybersecurity.

Read More

As Ransomware Surge Continues, Where Next for Government?

Article | August 30, 2021

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber-attacks. But where does that leave others? There are ‘four or five steps you could take that could significantly mitigate this risk,’ Falk said. These are patching, multifactor authentication and all the stuff in the Australian Signals Directorate's Essential Eight baseline mitigation strategies. …” Back in April of this year, a BBC News headline read, "The ransomware surge ruining lives." And that was before the cyber-attacks on critical infrastructure sectors like Colonial Pipeline, meat-processing giant JBS, the Irish Health Service and so many others. And when President Biden met with Russian President Putin last month in Geneva, he declared that certain critical infrastructure should be “off-limits” to cyber-attacks. “We agreed to task experts in both our countries to work on specific understandings about what is off-limits,” Biden said. “We’ll find out whether we have a cybersecurity arrangement that begins to bring some order.” As an initial positive step forward, this cyber defense policy makes sense. In fact, most global experts applaud these moves and efforts to better protect and clarify international crimes in cyberspace. Previous administrations going back to George W. Bush have taken aggressive steps to ensure critical infrastructure is protected in the U.S. and around the world through actions involving people, process and technology, both offline and online. The 16 critical infrastructure sectors identified by DHS/CISA can be found here. Still, many questions remain regarding this new policy: Will all global governments actually agree on the wording? More importantly, even if they do agree, how will the agreements be enforced? Also, what happens if some countries continue to allow criminals to attack these critical infrastructure sectors from their soil? And my main question goes further: Even if all of these agreements and actions are 100 percent agreed upon and enforced, which most people don’t believe will happen, does this imply that every organization not covered under these 16 critical infrastructure sectors can be openly attacked without a response? Is this giving into cyber criminals for everyone else? For example, would K-12 schools or small businesses be “fair game” and not off limits? Could this actually increase attacks for any organization not considered on the CISA list? No doubt, some will say that schools are a part of government, and yet there are private schools. In addition, if we do cover all others somehow, perhaps as a supplier of these 16 sectors, doesn’t that make the “off-limits” list essentially meaningless? Essentially, where is the line? Who is included, and what happens when some nation or criminal group crosses the line? These questions became more than an intellectual thought exercise recently when the Kaseya ransomware attack impacted more than 1,500 businesses, without, in their words, impacting critical infrastructure. CBS News reports, “Still, Kaseya says the cyber-attack it experienced over the July 4th weekend was never a threat and had no impact on critical infrastructure. The Russian-linked gang behind the ransomware had demanded $70 million to end the attack, but CNBC reported that the hackers reduced their demands to $50 million in private conversations. "The Miami-based company said Tuesday that it was alerted on July 2 to a potential attack by internal and external sources. It immediately shut down access to the software in question. The incident impacted about 50 Kaseya customers.” OTHER RECENT RANSOMWARE NEWS Meanwhile, in a bit of a surprise, ransomware group REvil disappeared from the Internet this past week, when its website became inaccessible. As Engadget reported, “According to CNBC, Reuters and The Washington Post, the websites operated by the group REvil went down in the early hours of Tuesday. Dmitri Alperovitch, former chief technology officer of the cyber firm CrowdStrike, told The Post that the group's blog in the dark web is still reachable. However, its critical sites victims use to negotiate with the group and to receive decryption tools if they pay up are no longer available. Visitors to those websites now see a message that says ‘A server with the specified host name could not be found.’" CNBC reported: “There are 3 main possibilities for the criminal gang’s disappearance — each of which carries good and bad news for U.S. efforts to combat the ransomware scourge emanating from Russia. The Kremlin bent under U.S. pressure and forced REvil to close up shop. U.S. officials tired of waiting for Kremlin cooperation and launched a cyber operation that took REvil offline. REvil’s operators were feeling the heat and decided to lay low for a while. "This situation may send a message to some of the players that they need to find a less-aggressive business model, which could mean avoiding critical infrastructure, or it could mean avoiding U.S. targets.” Also, the Biden administration announced several other measures to combat ransomware: “The Biden administration will offer rewards up to $10 million for information leading to the identification of foreign state-sanctioned malicious cyber activity against critical U.S. infrastructure — including ransomware attacks — and the White House has launched a task force to coordinate efforts to stem the ransomware scourge. "It is also launching the website stopransomware.gov to offer the public resources for countering the threat and building more resilience into networks, a senior administration official told reporters.” And yet, many experts are still predicting that ransomware will continue to grow in the near future. For example, TechHQ wrote that “identifying the culprits often isn't as big an obstacle as apprehending them.” To show recent growth of ransomware attacks, Fox Business offered details on a Check Point report this past week that “ransomware attacks surge, growing 93 percent each week.” Also: “'The ransomware business is booming. We’re seeing global surges in ransomware across every major geography, especially in the last two months,' said Lotem Finkelstein, head of threat intelligence at Check Point Software. 'We believe the trend is driven by scores of new entrants into the ransomware business.'" For more background on this hot topic, a few weeks back I appeared on MiTech News to discuss the ransomware crisis. FINAL THOUGHTS I’d like to close with this article which offers a slightly different perspective on ransomware from ZDNet Australia: “The threat of ransomware dominates the cyber news right now, and rightly so. But this week Rachael Falk, chief executive officer of Australia's Cyber Security Cooperative Research Centre, made a very good point. Ransomware is ‘Totally foreseeable and preventable because it's a known problem," Falk told a panel discussion at the Australian Strategy Policy Institute (ASPI) on Tuesday. ‘"It's known that ransomware is out there. And it's known that, invariably, the cyber criminals get into organisations through stealing credentials that they get on the dark web [or a user] clicking on a link and a vulnerability," she said. ‘We're not talking about some sort of nation-state really funky sort of zero day that's happening. This is going on the world over, so it's entirely foreseeable.’" Article Orginal Source: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/as-ransomware-surge-continues-where-next-for-government

Read More

Spotlight

Zivaro

With a legacy spanning over twenty years, Zivaro is a veteran in the Colorado tech space. Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments. With deep roots in Hybrid IT, Security, Collaboration, and Analytics, we support clients across a broad spectrum of industries with IT strategy, planning, implementation and IT operations. The world has gone digital, and change is constant, but our commitment to solving your challenges and providing measurable results will never change.

Events