Tag Archive for: Questions

9 Questions You Should Ask About Your Cloud Security


FREDERICK, Md.–(BUSINESS WIRE)–May 13, 2022–

In a brief video explainer and commentary, Josh Stella, chief architect at Snyk and founding CEO of Fugue, a developer-first cloud security SaaS company, advises business and security leaders on why relying on “checkbox security” approaches in the cloud leaves them vulnerable to attack.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220513005085/en/

In order for business leaders and cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or rather like George C. Scott, the actor who won the Best Actor Oscar for his portrayal of the general in the 1970 film “Patton”).

In an early scene, the camera focuses on a book Patton is reading by German General Erwin Rommel. The point is to show how Patton does not rely solely on military intelligence to plan the next battle. He’s being proactive in learning as much as he can about how his adversary thinks and operates. The next scene depicts Patton’s troops launching a devastating attack on German tanks and infantry. Peering through his binoculars, Patton smiles and yells “Rommel, you magnificent (expletive), I read your book!”

So too must business and security leaders be proactive in gaining as much knowledge as they can about hackers’ motivations and tactics. Do not rely only on what your security solutions are telling you because that will only give you a false sense of security. Every day, hackers are sidestepping security perimeters, crossing arbitrary boundaries, and evading security solutions to ultimately get at the data they want without detection.

Your adversaries are probably not going to write books about their methodologies for you to study. So, here are nine questions that all senior executives (CISOs, CIOs, CEOs) need to ask about their cloud security and that their cloud security teams should know the answers to at all times.

1. How out of compliance is our cloud environment?

No enterprise organization operating in the cloud has an environment that’s 100% in…


DOJ’s Sandworm operation raises questions about how far feds can go to disarm botnets


Written by Suzanne Smalley

The notion that citizens are protected from unreasonable search and seizure is a bedrock legal principle: A court must issue a search warrant before police can enter a private home and ransack it looking for evidence. 

In what former prosecutors and legal experts call a landmark operation, the Department of Justice has now tested that principle to disrupt a Russian botnet that was spreading malware on a far-flung network of computers. Using so-called remote access techniques, law enforcement effectively broke into infected devices from afar to destroy what the U.S. government calls the “Cyclops Blink” botnet — and did so without the owners’ permission.

While the search warrant publicized by DOJ makes clear that this access did not allow the FBI to “search, view, or retrieve a victim device owner’s content or data,” legal experts say the case does raise questions about how far the government’s power should extend under a federal criminal procedure provision known as Rule 41.

The Kremlin-backed hackers responsible for the botnet — a group known to cybersecurity researchers as Sandworm — exploited a vulnerability in WatchGuard Technologies firewall devices to install malware on a network of compromised devices. By leveraging physical access to a subset of infected devices, the FBI said it was able to reverse engineer its way into accessing all of the botnet’s command and control devices. 

The government’s use of a search warrant to gain such remote access to individual computers without notice to the owners relied on a 2016 amendment to Rule 41, a federal rule of criminal procedure. The culmination of a three-year deliberation process which included written comments and public testimony before the federal judiciary’s Advisory Committee on the Federal Rules of Criminal Procedure — a committee which includes judges, law professors, and attorneys in private practice — the 2016 amendment was ultimately adopted by the Supreme Court and approved by Congress.

While the amended rule has been used previously, legal experts say this case appears to…


Considering buying a smart device? To protect your security, ask yourself these five questions



Houses are getting smarter: smart thermostats manage our heating, while smart fridges can monitor our food consumption and help us order groceries. Some houses even have smart doorbells that tell us who is on our doorstep. And of course, smart TVs allow us to stream the content we want to watch, when we want to watch it. (If that all sounds very futuristic, a recent survey tells us that 23% of people in western Europe and 42% of people in the US use smart devices at home.)

While these smart devices are certainly convenient, they can also present security risks. Any device with an internet connection can be compromised and taken over by attackers. If a compromised smart device has a camera or microphone, an attacker may access these, and any data on the device can be read, viewed, copied, edited or erased. The compromised smart device may look at your network traffic to find your usernames, passwords and financial data.

It may look to take over other smart devices that you own. For example, an attacker could adjust the temperature on a smart thermostat, making the house too warm, and demand a ransom be paid to let you take back control of your central heating. Alternatively, a smart CCTV system can be taken over and the data watched by an attacker or deleted after a burglary.

Smart devices can also be made to attack other systems. Your smart device can become part of a “botnet” (a network of compromised smart devices under the control of a single person). Once compromised, it will search for other smart devices to infect and recruit into the botnet.

The most common form of botnet attack is called a distributed denial of service attack (DDoS), where the botnet sends hundreds of thousands of requests per second to a target website, which prevents legitimate users from accessing it. In 2016 a botnet called Mirai temporarily blocked internet access for much of North America and parts of Europe.

In addition to DDoS attacks, your smart devices can be used to spread ransomware – software that encrypts a computer so it can only be used after a ransom has been paid. They can also be engaged in cryptomining (the…


Hackney Council could be forced to answer questions about IT security training after Pysa ransomware


A council hit by a cyber attack could be forced to answer questions about the IT and security training it gave staff when they were forced to work from home because of the pandemic.

Cyber criminals struck Hackney Council in October 2020, with Pysa, or Mespinoza, ransomware paralysing some of its online services.

Four months later, employees’ and residents’ data was allegedly published on the dark web by hackers who claimed it came from the attack on the London council’s IT systems.

The council said the attack affected “a limited set of data, it has not been published on a widely available public forum, and is not available through search engines on the internet”.

The National Crime Agency is still investigating the attack, as is the National Cyber Security Centre.

Missing data

The attack has cost the council millions of pounds and it is still missing data across many services.

It said the most critical services were Mosaic for social care, Academy for its benefits and revenues, and M3 for planning and land charges and delivering modern digital tools in housing.

Other local authorities have been targeted by hackers. Gloucester Council became the latest victim when it was attacked for the second time in December, when hackers hit services including revenue and benefits and planning.

Salisbury, Copeland and Islington councils were also affected by cyber attacks over the 2017 August bank holiday, when hackers unsuccessfully asked for a bitcoin ransom in return for data.

The attack on Hackney affected benefits data. Some people were unable to perform property searches, which affected some house sales in the east London borough.

Information commissioner to take action

The council now faces action from the information commissioner after refusing to say whether it gave council staff security training when they were required to work from home during the pandemic.

Liberal Democrat campaigner Darren Martin submitted a Freedom of Information request to ask the council what IT security training was given to staff in the two years leading up to the cyber attack.

“If it turns out that the attack that has left our vital services crippled in the borough since 2020…
