Archive for octobre 15th, 2021

Worst is yet to come, but they all warned you

Alexandre Blanc CyberSecurity weekly cyber linkedin
Alexandre Blanc Cyber Security

CISA, FBI, Cyber Security specialists, they all warned you, I warned you, and I continue to do so.

Transnational criminal organizations, criminal hackers, are only getting better, and more organized. They have always been, but they are getting better and evolve faster.

This also means that YOU, and YOUR ORGANIZATIONS, must take this in consideration, and must adjust your posture according to this. Your risk register must be updated, and the likelihood of cyber events, at least should be raised or reviewed, especially on the ransomware side.

Doing so should put some level above the threshold you established, and some items that where falling under the « risk acceptance » option, will fall under the unacceptable, requiring compensation measures.

So you will update your security plan accordingly, while you adjust your risk posture.

A reminder on the risk management strategies :

  • Risk Avoidance – Change organization practices to avoid the risk
  • Risk Transference – Take an insurance, move the risk to a third party, BUT, keep in mind, there is no way you transfer 100% of the risk, which means, you need mitigation !
  • Risk Mitigation – Take action design to reduce the likelihood or impact of a risk
  • Risk Acceptance – After analysis, determining if cost makes the compensation irrelevant, then acceptance is the option
  • Risk Deterrence – Dissuade a threat to happen, which can only be applied to risks that can be affected by controlled factors

So you’ll place security controls, which are procedures and mechanisms that an organization puts in place to manage security risks.

You’ll follow the defence in depth approach, multiple controls for one objective, overlapping security controls.

These security controls fall under 3 categories :

  • Preventive, the goal being for the incident not to happen (you have a raid, so as when a disk dies, you don’t lose the data)
  • Detective, goal is to identify a failing preventive security control, or an incident
  • Corrective, restoring backups, because preventive controls failed, detective was missed, and you lost the data.

For each category above, you have many controls available (remember, people, process and technology somehow) :

  • Technical controls (technology based, like a firewall)
  • Operational controls (processes carried by humans)
  • Management controls ( conducting risk assessments, security planning, change management etc).

When your risk register is complete, you have the assessment done (exposure factor, single loss expectancy, you got your Annual Loss Expectancy by multiply SLE x ARO as in anual risk occurence), and you get a quantitative and qualitative assessment.

Your goals are defined via RTO (recovery time objective), RPO (recovery point objective), MTD (maximum tolerable downtime), and you know your MTTR (mean time to repair).

If you don’t know what adversary risks (aside of all the other existing risks) your organization face, have look to MITRE ATT&CK and check if anything is applicable to you, and therefore, if you have matching controls in place.

This week in the cyber news, helping you to have a real view of the threat landscape and what happens to others, so as you can actually review your posture, and adjust the above listed risk approach accordingly.

This week in 60 bullets :

1 – You are a target, you may just not be watching your logs – North American Orgs Hit With an Average of 497 Cyberattacks per Week


2 – Do you have the proper security posture for today’s threat landscape ? Cox Media Group confirms ransomware attack that took down broadcasts


3 – Phishing is still dominant, very cheap, with good success rates – Intuit warns QuickBooks customers of ongoing phishing attacks


4 – There is something brewing in the #cybersecurity market. A change to come within 6 months to 1 year ( I make the prediction :) ) – Do you have an MSSP partner already ? Who are you going to call during the next incident ? (Nope, Ghostbusters are busy)


5 – Security can be an illusion ! Reverse engineering and decrypting CyberArk vault credential files


6 – it’s iOS patch time again ! Yes, the iPhone, iPad, iPod, iSuck and all their invasive stuff – Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks (that was 3 days ago, hopefully you updated already)


7 – it’s #libreoffice and #openoffice path time ! LibreOffice, OpenOffice bug allows hackers to spoof signed docs


8 – Technology is the art of deception, and bugs left on purpose are often state sponsored, which can lead to frustration of researchers – Researcher Disclosed Telegram Vulnerability, Refused Bounty For Staying quiet


9 – The cloud more and more targeted and hacked – Huawei Cloud targeted by updated cryptomining malware


10 – spying, hacking, stealing IP, research and trade secrets is a reality. Don’t think you are not a target – Nuclear engineer’s espionage plans unraveled by undercover FBI agent


11 – Cyber battlefield, you are all connected to it – Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo


12 – Don’t wait for an incident ! Your defenses must detect and respond against these quickly – Pacific City Bank discloses ransomware attack claimed by AvosLocker


13 – Transnational crime scoreboard : REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021


14 – The threat landscape on ransomware is shifting, while we saw some focusing on encryption and giving up on stealing files, some groups now only focus on this approach – SnapMC hackers skip file encryption and just steal your files


15 – The cloud is an expensive scalable mess – Microsoft revokes insecure SSH keys for Azure DevOps customers


16 – The cloud attacked more and more, a growing target facing growing amount of challenges to keep up – Microsoft: Azure customer hit by record DDoS attack in August


17 – The cloud is infected, so much for « play protect » ! Photo editor Android app STILL sitting on Google Play store is malware


18 – Protecting your private keys is even more critical when you use wildcard certificates – NSA warns of wildcard certificate risks, provides mitigations


19 – Ransomware threat actors are coming after the cloud, and cloud workload holding your data are at risk – AWS ransomware attacks: Not a question of if, but when (90% of the S3 buckets at risk ! )


20 – Happy to see in my sponsored feed some more consideration on the cyber threat landscape handling, especially the ransomware side of things – Hysolate CTO and Co-Founder Tal Zamir presents at the recent IT Pro – Information Week Conference ‘Defending Against Ransomware


21 – A quick take at what happened to Facebook, short and straight to the point – The Facebook outage and network configuration


22 – Don’t worry, it’s just exploited since January – Microsoft Fixes Zero-Day Flaw in Win32 Driver


23 – Interesting approach from dutch police speaking to criminals – Dutch police send warning letters to DDoS booter customers


24 – The cloud is such and easy shiny target, corrupt one, corrupt them all – Office 365 Spy Campaign Targets US Military Defense


25 – Supply chain poisoning by cloning (or forking), easy, cheap and efficient ! PyPI removes ‘mitmproxy2’ over code execution concerns


26 – Connected = hacked – FreakOut botnet now attacks vulnerable video DVR devices


27 – Would you be able to detect and respond to such attack ? AND, do you have enough cash to hold 1 or 2 weeks for when your bank falls offline ?! Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha


28 – Some good, and some bad – Australia to tackle ransomware data breaches by deleting stolen files


29 – pros and cons as usual – EU legislation introduced to ban anonymous domain registration


30 – Internet is a battlefield, a bias machine, and the cloud is a steroid for disinformation and leaks – A Close Look at Russia’s Ghostwriter Campaign


31 – Your wallet has (had) a hole and it leaks your assets – Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets


32 – Want it or not, the cloud leaks – Verizon digital carrier Visible customer accounts were hacked


33 – The cloud is now widely recognized as a threat, and we see more and more solutions coming on the market for organizations that need to place data in the cloud, but don’t want their data stolen, abused, mined etc. – New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted


34 – When technology and politics collide – Russia and China left out of global anti-ransomware meetings


35 – jealous of Facebook maybe, all the big players must have their AS config fail, it’s like a prerequisite to join the table – OVH hosting provider goes down during planned maintenance


36 – A 2 minutes video that allows you to get the ICS challenges of today, well done – « ROUNDS #1 – STRONG GUARD » about industrial control systems


37 – When the marketplace competes with its sellers, the deck is stacked – the company ran a systematic campaign of creating knockoffs and manipulating search results to boost its own product lines in India, one of the company’s largest growth markets


38 – Be aware that this is a reality in many places, assumed guilty and jailed. Given how technology is all fake and lies, you can only guess how easy it is for anyone to be sent in jail on fake proof – Belarus: Joining banned Telegram channels will land you in prison


39 – What did you do to avoid this ? Are you sure you have the proper people, processes and technologies in place and it is well implemented ? Acer confirms breach of after-sales service systems in India


40 – As predicted, the growth of ransomware is started, and that’s only the beginning. No fear mongering, FACTS ! New Yanluowang ransomware used in targeted enterprise attacks


41 – The clowd as well. pile of lies – Washington Attorney General says Facebook knowingly lied in lawsuit testimony


42 – Big tech and clowd style – Apple silently fixes zero-day Flaw without Crediting the finder


43 – ou can’t even know what’s in your IoT, and you blindly trust the cloud ? Organizations losing business due to connected product security concerns


44 – Interesting stats, based on what people gave to google via virus total (BTW, never upload confidential documents on this platform ! Nor in online translation tools, they are all using the data and selling it on the free accounts) – VirusTotal Shares Data on Ransomware Activity


45 – So tempting to play big brother when you have access to all the data in the world – Microsoft will put government and police contracts through independent human rights review


46 – Are you sure you are not providing computing resources to transnational criminal organization (or the cloud :p ) – MyKings botnet still active and making massive amounts of money


47 – WordPress plugin patch time : Brizy Page Builder – Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers


48 – MFA anyone ? hopefully you also use a password manager and a unique password for each and every services – Thingiverse Data Leaked — Check Your Passwords


49 – Big tech abuses cleanup time, happy to see some action – FTC fires warning shot at 700 leading companies about fake reviews


50 – At some point common sense should come back and we should stop connecting everything and anything, building dangerous data lakes etc – University of Sunderland announces outage following cyberattack


51 – SIP can also lead to massive take over – Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones


52 – A malware on top of a spyware ! Malicious Chrome ad blocker injects ads behind the scenes


53 – Layered security and overlapping security controls are needed – 13 Vulnerabilities Discovered in a Widely Used Industrial Router


54 – Interesting but, can this be done ? Governments worldwide to crack down on ransomware payment channels


55 – Getting on the path to massive casualties – US government discloses more ransomware attacks on water plants


56 – Good old email, if you don’t have independent advanced email filtering, you should talk to your MSSP, in most case it’s affordable and deployed in less than a day – Russian cybercrime gang targets finance firms with stealthy macros


57 – Don’t worry, it’s only data after all – Twitch downplays this month’s hack, says it had minimal impact


58 – As part of your incident response plan, you should have a communication plan, and ideally bring transparency – Accenture confirms data breach after August ransomware attack


59 – Cyber crime supply chain is constantly enhancing. Is your posture adjusting too ? Attackers Behind Trickbot Expanding Malware Distribution Channels


60 – Where do you stand with your patch management ? Server Patching Best Practices. Stop Patching, Start JetPatching


And that’s all for this week ! Wishing you a good weekend ! That was pretty intense, despite a shorter week here in Canada :D …. what, he’s Canadian ? but he’s got such a French accent… .oh boy, yes, something like that ! :D Find me on linkedin here.

Loading

vendredi, octobre 15th, 2021 Technologie Aucun commentaire
Not f'd — you won't find me on Facebook
octobre 2021
L M M J V S D
 123
45678910
11121314151617
18192021222324
25262728293031
 

 
Suivez moi sur twitter - follow me on twitter
 
Follow on LinkedIn
[FSF Associate Member]
 
Free Software, Free Society
VIRTUALISATION :
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
SECURITE - FIREWALL :
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
HAUTE DISPONIBILITE :
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
STOCKAGE RESEAU :
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
OPTIMISATION WORDPRESS :
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
VPN - ROUTEUR - LAN:
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
TENDANCES - WEB:
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
Jquery
TRUCS ET ASTUCES GNU/LINUX :
Tuxmachines.org - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
MONITORING :
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
AUTRES LIENS :
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne
Inforeseau.fr