Blockchain and Virtual Currency – Origins of the Cryptocurrency “Boom” and Some Murky Realities

CybeRiskBlog, Cybersecurity

Blockchain

Attention – both positive and negative – continues to be drawn to the emerging blockchain technology, and its potential to disrupt and transform the way we do business, and the ways in which cyber-security may be enforced and deployed. Much of the negative attention has been focused on the blockchain’s application in financial circles – most especially in the proliferation of so-called virtual or “cryptocurrencies” being traded outside the jurisdiction of traditional regulatory frameworks. As recently as last week, federal authorities in the United States shut down the operations of one of the highest ranking virtual currency traders (the Bitcoin platform BTC-e), in a move that highlights the need for greater oversight and governance in at least some aspects of … Read More

SCADA – Supervisory Control and Data Acquisition Networks

CybeRiskBlog, Cybersecurity

Scada

Physical controls and operations within the facilities housing elements of our most critical infrastructure – industrial manufacturing, power generation and distribution, oil and chemical refining, and large-scale telecommunications systems, to name a few – rely on some form of Supervisory Control And Data Acquisition Network (or SCADA network), and/or Industrial Control Systems (ICS). SCADA networks are at the heart of our most essential services, with lives and livelihoods depending on their trouble-free and continuous operation. The consequences of a major compromise to these networks could be catastrophic – and if any SCADA resources were to be held to ransom (now that there are the malware tools available for doing this), authorities might be tempted to pay any price, to get … Read More

Shadow Admins – Hidden or Forgotten “Super Users” that Undermine Network Security

CybeRiskBlog, Cybersecurity

Shadow Admins

The busy work of network management often requires administrators to make on-the-fly decisions to facilitate access and streamline ongoing business operations. Among these measures may be temporarily elevating the access rights of specific users without recording these changes in the Active Directory (AD) of an organization – on the understanding/assumption that these elevated rights will be downgraded once the conditions demanding them have been met. But with human nature being what it is (and network administrators being as human as anyone else), decisions like this may be forgotten in the rush to address the next crisis or challenge facing the enterprise – potentially leaving a population of undocumented network users with privileges and access rights beyond their officially recorded status. … Read More

Red Team – Pros and Cons of In-House vs Outsourced Penetration Testing

CybeRiskBlog, Cybersecurity

red team penetration testing

There’s a growing consensus in some circles that a cyber security strategy based solely on hardware, software, and policy-setting simply isn’t enough to ensure the safety and integrity of enterprise data and networks. This school of thought holds that, for a fully comprehensive security stance to be maintained, enterprise resources, infrastructure, and personnel have to be tested under fire – so as to gain experience of the actual conditions surrounding a cyber-attack or security breach, and to establish the state of weakness or readiness of enterprise defenses as a whole. Penetration testing is the necessary element which must be added to the cyber security mix. But there’s still some debate as to whether the “red teams” conducting these exercises should … Read More

Pros and Cons of “SOC” (SOC as a Service) or “MSS” (Managed Security Services)

CybeRiskBlog, Cybersecurity

SOC as a Service

For some years now, enterprises looking to reduce the strain on their financial, human, and other resources have been looking to external suppliers to flesh out their organizational portfolios – in the form of cloud-based infrastructure, applications, and services, or the outsourcing of essential functions to qualified third parties. Enterprise security has not been exempt from this trend, and with the evolution of the outsourcing market has come the packaging of almost every aspect of IT as a subscription-based or on-demand commodity. Service offerings from third parties give enterprises the opportunity to gain from state-of-the-art technologies and the expertise of seasoned security professionals, while avoiding the significant capital outlays, recurring and maintenance costs, and management complexity of having to do … Read More

Healthcare Cyber Attacks – Hospital’s Critical Unit and The Cyber Threat

CybeRiskBlog, Cybersecurity

Healthcare Cyber Attacks

In its “2017 Fourth Annual Data Breach Industry Forecast”, Experian predicts that organizations in the healthcare industry will be the prime targets for cyber attacks this year – continuing a trend established over the past two years with several low and high-profile ransomware assaults on hospitals and other healthcare institutions which netted the perpetrators significant gains in both finances and notoriety through reputational damage. Healthcare Cyber Attacks are an issue of growing concern to the patients, staff, administrators, and stakeholders of healthcare institutions across the globe. Update: In early May 2017, over 200,000 victims in over 150 nations were affected during widespread attacks involving a strain of ransomware variously dubbed WannaCry, WCry, or WannaCrypt. Prominent among them were numerous healthcare … Read More

Cyber Security Incident Response – Some Valuable Lessons Learned

CybeRiskBlog, Cybersecurity

Incident Response

The past couple of years has seen a rash of data breaches, malware infections, and other security issues in the business, governmental, and institutional spheres – incidents both high-profile and more privately contained. Forensic investigators and response teams have encountered evidence of new and established attack vectors and techniques, adding to a growing global store of security and threat intelligence. But too often, the emphasis has been on stockpiling and analyzing information on malware variants, attack methodologies, and the consequences for affected systems and networks, ignoring the valuable lessons that can also be learned from incident response and how security incidents are actually being handled. To help redress this balance, this article summarizes much of the accumulated wisdom of security … Read More

Macro-based Malware – How Hackers Exploit MS Office and Open Office (Macro) Files for Phishing

CybeRiskBlog, Cybersecurity

macro-based malware

The market-leading Microsoft (MS) Office and OpenOffice suites of productivity applications have achieved worldwide distribution and popularity – so much so that in the minds of many users across the globe, these software packages are synonymous with basic business practices like word processing, scheduling, spreadsheets and database management. In some regions, the acquisition and selling of certified skills in these productivity suites are an industry, in their own right. But in the minds of cyber-criminals, high-profile software equates to high-profile targets – and almost since their inception, these platforms have been fair game for hackers using their inherent functionality and unaddressed vulnerability issues to achieve their own ends. Historically, the subversion of macros – documents and tools containing scripts that … Read More

Radio Frequency IDentification – Why RFID Cloning is a Major Security Concern

CybeRiskBlog, Cybersecurity

RFID

In an information security environment where “multi-factor authentication” is becoming the watchword, and both users and enterprises are shying away from traditional keypad-based and numeric methods of personal identification and access control, a technology that makes it possible to instantaneously authenticate individuals via hardware they can keep in the change pocket of their jeans makes good marketing sense. Such a technology exists in radio frequency identification (a.k.a. Radio Frequency IDentification or RFID) – but its many applications and ease of deployment are among the very factors now rendering it such a major security concern. RFID – A Nice Idea in Principle Radio Frequency IDentification or RFID uses radio waves for the reading and writing of digital/computer data. It allows objects … Read More

Detection and/or Prevention in Cyber Defense (SOC)

CybeRiskBlog, Cybersecurity

Cyber Defense

Within information security circles, the debate still rages as to which approach is best for ensuring effective cyber defense: Prevention of threats before they have the opportunity to affect protected resources, the early detection of (and rapid response to) threats that have already breached corporate defenses, or some combination of the two. The decision as to which approach is best will have a direct effect on the working practices, policy-setting, and ultimately the technologies acquisition and deployment of enterprise security operations centers (SOCs). In this article, we’ll be looking at the prevailing arguments in the detection/prevention debate, and which trends are likely to affect corporate strategies for cyber defense. Escalating Attacks Creating a Need for an Inclusive Approach to Cyber … Read More