Tag Archive for: stories

Outrageous Stories From Three Cyber Incident Responders


Working in cyber incident response can certainly make life interesting. Experiences typically run the gamut from exciting to dull, from fun to repetitive, and are almost always challenging.

IBM Security commissioned a study from Morning Consult that surveyed over 1,100 cybersecurity incident responders across ten countries. Unsurprisingly, over two-thirds of respondents experienced daily stress or anxiety due to the pressures of responding to a cyber incident. Despite the challenges, responders are willing to take on the IR role because of their exemplary sense of duty.

But perhaps one of the underrated perks of working in incident response is the ability to tell outrageous true stories. We spoke with three incident responders about some of the most exciting experiences they’ve had working in the field. 

Shadow IT: Ransomware Gone Wild

Michael Clark, Director of Threat Research at Sysdig, was on an IR engagement in which a workstation was connected to both a cable modem and the internal network.

“We traced through countless machines back to a lab system no one knew about,” Clark said. “It was dual-homed (two network cards), one connected to the corporate network, the other to a cable modem on the Internet.”

Clark also responded to an incident where malware was spreading using a Windows vulnerability, and the client couldn’t patch their systems quickly.

“We had to deploy EDR to isolate infected systems while also not bringing down the whole network until they could green-light a patch,” he said.

The network was compromised with worm-like ransomware, which constantly traversed the network looking for new systems to compromise.

“What made this one interesting was the vulnerability exploited couldn’t be easily patched, and it affected the Active Directory infrastructure,” he said. “A new gold image had to be made and tested first because if you brought up a clean server without the patch, it would just be compromised again. So we had to keep as much isolated as we could with the network still operational while the new image was made. It was a bit of a balancing act.”

Punked by a Third Party

Eric Florence is a cybersecurity consultant for securitytech.org and a former incident…


Our Top IT Stories From 2022


2022 was a very busy year for IT professionals as they grappled with new trends, technologies, tools, workplace models, cyberattacks and more while helping their organizations remain productive and secure. We looked back at our coverage to find common trends in our content and bring you our top 10 stories from this past year.

The distributed work experiment continues

Although some organizations made news by ordering employees back to the office, many organizations are still offering hybrid working arrangements to employees. There have been countless surveys and studies on this issue, and virtually all of them show that employees are demanding some level of flexible working arrangements, so mandating a return to the office will likely lead to turnover.

With organizations now forced to accept hybrid work, IT leaders are turning to technology and new innovations to help keep employees connected. The year saw many new features in videoconferencing platforms like Zoom, Microsoft Teams, Google Meet and Webex, as well as new AI-driven hardware to support those platforms.

However, some challenges remain, including mental and physical health, transportation, housing, and a persistent disconnect between the flexible work demands of employees and what executives are willing to offer.

We should continue to see new innovations in technology to support hybrid work models this year as we head into year three of the COVID-19 pandemic.

Cloud computing soars

Of course, cloud computing is on our list of top IT stories in 2022. Despite a projected IT spending growth of just 0.8% for 2022, IT analyst firm Gartner says public cloud spending is projected to rise by nearly 19% in 2022 and is poised for another big leap in 2023 of nearly 21%. This comes as organizations look to the cloud to help support growth amid economic uncertainty and a likely recession.

Other Gartner research surveying IT leaders finds that 42% say cloud migration is a top area of investment, and 34% say infrastructure compute and storage are top tech priorities.

However, as organizations navigate a complicated process, they are left with some legacy on-premises systems that can make security and…


True crime stories – A day in the life of a cybercrime fighter [Audio + Text] – Naked Security


Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure.

[MUSICAL MODEM]


PAUL DUCKLIN.  Welcome to the Naked Security podcast, everybody.

This episode is taken from one of this year’s Security SOS Week sessions.

We’re talking to Peter Mackenzie, the Director of Incident Response at Sophos.

Now, he and his team… they are like a cross between the US Marine Corps and the Royal Navy Special Boat Service.

They go steaming in where angels fear to tread – into networks that are already under attack – and sort things out.

Because this episode was originally presented in video form for streaming, the audio quality isn’t great, but I think you’ll agree that the content is interesting, important and informative, all in equal measure.

[MORSE CODE]

[ROBOT VOICE: Sophos Security SOS]


DUCK.  Today’s topic is: Incident response – A day in the life of a cyberthreat responder.

Our guest today is none other than Peter Mackenzie.

And Peter is Director of Incident Response at Sophos.


PETER MACKENZIE.  Yes.


DUCK.  So, Peter… “incident response for cybersecurity.”

Tell us what that typically involves, and why (unfortunately) you often need to get called in.


PETER.  Typically, we’re brought in either just after an attack or while one is still unfolding.

We deal with a lot of ransomware, and victims need help understanding what happened.

How did the attacker get in?

How did they do what they did?

Did they steal anything?

And how do they get back to normal operations as quickly and as safely as possible?


DUCK.  And I guess the problem with many ransomware attacks is…

…although they get all the headlines for obvious reasons, that’s often the end of what could have been a long attack period, sometimes with more than one load of crooks having been in the network?


PETER.  Yes.

I describe ransomware as the “receipt” they leave at the end.


DUCK.  Oh, dear.


PETER.  And it is, really – it’s the ransom demand.


DUCK.  Yes, because you can’t help but notice it, can you?

The wallpaper has got flaming skulls on it… the ransom…


Top 10 crime, national security and law stories of 2022


A Russian hacking group, believed to be working on behalf of Russian intelligence, has been targeting politicians, journalists, military and former intelligence officers for at least the past seven years.

In May this year, the group secured one of its greatest successes by publicly compromising emails and documents from Richard Dearlove, a top British spy chief and former head of MI6, and more than 60 others, in a secretive network of right-wing activists set up in 1988 to campaign for a hard Brexit.

Computer Weekly, with the assistance of a grant from the Association of British Science Writers, has been able to systematically analyse the leaked emails, which reveal how the group tried to influence government policy on Chinese technology, satellites, vaccines and Covid. We present the first two stories in a series here.

Meanwhile, the courts have continued to grapple with the legal implications of a novel hacking operation against encrypted phone network EncroChat, which has led to hundreds of arrests of organised criminals in the UK.

Courts in multiple countries are addressing legal questions over whether millions of messages harvested from EncroChat can be lawfully used in evidence. In the UK, the Investigatory Powers Tribunal is considering whether the UK’s National Crime Agency acted with proper candour when it applied for a Targeted Equipment Interference warrant that would allow EncroChat evidence to be cited in court. The verdict could affect hundreds of prosecutions.

Europol co-ordinated the EncroChat hacking operation. MEPs voted to give it new powers to collect and process data on European citizens from telephone, internet, social media and other sources. The vote overturned an order by the European Data Protection Supervisor (EDPS) requiring Europol to delete huge amounts of previously unlawfully gathered data, including data on people not suspected of any crime.

Computer Weekly also reported on government pressure to weaken the protection offered by end-to-end encryption, to better police terrorism and child abuse. The proposals have been criticised by the Information Commissioner’s Office for failing to recognise the value of encryption for security,…
