Tag Archive for: wakeup

US Capitol attack a wake-up call for the integration of physical & IT security


Cyber-physical security

Dark Reading

As Capitol rioters stormed the building, photos circulated on social media of rioters sitting at the desks of US elected officials. Clearly, this raised serious concerns in the fields of both physical and cyber security. Seth Rosenblatt, Editor-in-chief and founder of The Parallax, an online cyber security and privacy news magazine, discusses how two traditionally disparate security disciplines can be united.

One of the harrowing images to come out of Wednesday’s attack on the US Capitol was a photo posted by a rioter of an open laptop on a desk in US House Speaker Nancy Pelosi’s office. The screen was visible and apparently unlocked, with a warning in a black box that read, “Capitol: Internet Security Threat: Police Activity.”

While it remains unclear whether the laptop allegedly stolen from Pelosi’s office during the attack on the Capitol is the same one that was photographed in an unlocked state, it underscores how physical security and IT security can go hand in hand.

Pelosi’s Deputy Chief of Staff said on Twitter that the stolen laptop had limited access to sensitive documents and was used just for presentations. Even so, security experts expressed concern at the security implications of stolen Congressional computers and devices.


Along with laptops and physical mail that were stolen, the rioters had the opportunity to infiltrate congressional computer systems and networks. Without proper logging of network and system access, a tech-savvy rioter could have done significant harm to congressional computers and systems, points out Dan Tentler, Executive Founder of security testing company Phobos Group.

“Just because an attacker accidentally found themselves in the office of the speaker of the house doesn’t mean that they didn’t have the means to hack Congress,” he says.

Traditionally disparate physical security and IT security operations are integrating awkwardly. As technology rapidly changes and organisations increasingly emphasise IT security, they run the risk of ignoring physical security concerns — and how they can impact computer devices, systems, and networks. Equally prioritizing physical and IT…


SolarWinds hack is a wakeup call for taking cybersecurity action


Advanced Persistent Threats (APTs) have long been a concern of the cybersecurity community. Well-organized teams with significant resources, which will not give up attacking their targets until their mission is accomplished, are certainly not a threat to be underestimated. The tactics deployed by such groups involve a combination of attack types, from exploiting zero-day vulnerabilities to social engineering, gaining access, establishing a foothold and deepening access, and then remaining in a target’s systems undetected until realizing their goal.

The recently detected, high-profile SolarWinds hack is a typical APT attack. It has targeted several US federal departments, private companies and critical infrastructure organizations, going undetected since at least March of last year. The initial infection vector identified so far relates to a zero-day vulnerability in an update of SolarWinds Orion — a platform that provides full IT stack monitoring services — that permitted the attackers to gain access to network traffic management systems. FireEye, which detected the attack, discovered SUNBURST, malware that was trojanizing the SolarWinds Orion updates.

As is common in APTs, the list of vulnerabilities exploited will probably grow, both in the supply chain and in the internal systems of the targeted entities, as the APT deepened and escalated. According to an alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), other initial infection vectors are being investigated in addition to the SolarWinds-related one. While the initial infection vectors may relate to more entities in the supply chain and/or to vulnerabilities of the targeted entities themselves, as the actors behind the attack deepened their access they would presumably have exploited internal system vulnerabilities to increase the attack surface. Cybersecurity reporter Brian Krebs has linked a recently identified VMware vulnerability to the SolarWinds attack as a possible attack escalation method, taking into account that access to internal systems had already been achieved through exploitation of the SolarWinds vulnerability.

Many questions are yet to be answered as the investigation and…


Indictment of Chinese hackers is wake-up call for better public-private cooperation | TheHill – The Hill


The iPhone Security Wake-Up Call – Slate


For years, the answer to the question “What’s the most secure consumer device?” has been easy to come up with: the iPhone. The most secure against criminal …
