The first and most important action is to educate the users of the systems. Most ransomware, and most cyber-attacks in general, rely on a user taking an unintended action; most commonly, the user executes a seemingly normal but malicious file. Because of this attack vector, users should be wary of unsolicited emails, especially ones with attachments and links. To take this one step further, users should know which types of files and operations commonly make changes to their systems. That knowledge helps them recognize when a change is normal and when something out of the ordinary is attempting to modify the system. For example, users of Windows machines should scrutinize .exe, .msi, .bat, and .ps1 files before executing them.
If you follow cybersecurity news, you’ve been seeing DMARC come up a lot recently, with reports that DHS will be looking at federal agency use of DMARC, vendors lagging on implementing DMARC, and calls for organizations to finally stamp out fake emails. But what is DMARC, and how does it differ from SPF and DKIM? What protection does DMARC offer?
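The core of the answer to those questions is identifier alignment: SPF and DKIM each vouch for some domain, while DMARC checks that the vouched-for domain is the one the user sees in the From: header and publishes what receivers should do when it is not. The following is an added example, not code from the original post; the domain names and the DMARC record are constructed, and org_domain() is a simplification of the Public Suffix List lookup that real receivers perform.

```python
"""DMARC evaluation on top of SPF and DKIM results.

Added example, not from the article. SPF and DKIM each answer "did an
authorized server or signing key vouch for some domain?"; DMARC adds the
question that matters to the recipient, "is that domain the one shown in the
From: header?", and publishes what to do when the answer is no. The domain
names and the DMARC record below are constructed, and org_domain() is a
simplification of the Public Suffix List lookup real receivers perform."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class DmarcPolicy:
    p: str            # requested disposition: none | quarantine | reject
    adkim: str = "r"  # DKIM alignment mode: r (relaxed) or s (strict)
    aspf: str = "r"   # SPF alignment mode
    pct: int = 100    # percentage of failing mail the policy applies to (parsed, not applied here)


def parse_dmarc(txt: str) -> DmarcPolicy:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            k, _, v = part.partition("=")
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the required p= tag")
    return DmarcPolicy(p=tags["p"].lower(), adkim=tags.get("adkim", "r").lower(),
                       aspf=tags.get("aspf", "r").lower(), pct=int(tags.get("pct", "100")))


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels (simplification)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from: str, authenticated: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    if mode == "s":
        return header_from.lower() == authenticated.lower()
    return org_domain(header_from) == org_domain(authenticated)


def dmarc_evaluate(record: str, header_from: str,
                   spf_result: str, spf_domain: Optional[str],
                   dkim_result: str, dkim_domain: Optional[str]) -> Tuple[bool, str]:
    """Return (dmarc_pass, disposition). spf_domain is the envelope-sender (MAIL FROM)
    domain SPF checked; dkim_domain is the d= tag of the verified signature."""
    policy = parse_dmarc(record)
    spf_aligned = (spf_result == "pass" and spf_domain is not None
                   and aligned(header_from, spf_domain, policy.aspf))
    dkim_aligned = (dkim_result == "pass" and dkim_domain is not None
                    and aligned(header_from, dkim_domain, policy.adkim))
    if spf_aligned or dkim_aligned:
        return True, "none"
    return False, policy.p


RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"  # constructed

if __name__ == "__main__":
    # Spoof: the attacker's own domain passes SPF, but it is not the From: domain.
    print(dmarc_evaluate(RECORD, "example.com", "pass", "attacker.invalid", "none", None))
    # Legitimate bulk mail: bounces go to a subdomain; relaxed SPF alignment accepts it.
    print(dmarc_evaluate(RECORD, "example.com", "pass", "bounce.example.com", "fail", "example.com"))
    # DKIM signed by a subdomain under strict adkim: not aligned, so the message fails.
    print(dmarc_evaluate(RECORD, "example.com", "fail", "example.com", "pass", "mail.example.com"))
```

The first case is the one SPF and DKIM alone cannot catch: the attacker's mail server is perfectly authorized to send for attacker.invalid, so SPF passes, yet the message claims to be from example.com. Only the alignment check, and the p=reject instruction the domain owner published, turns that into a rejected message.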
Chances are the content of this article traversed some wireless network prior to being displayed on the device you are using (or prior to being printed out, for you hard-copy purists). However, today we learned that WPA2 (Wi-Fi Protected Access II) is vulnerable to key reinstallation attacks (KRACK). For the past 14 years, WPA2 has been considered the industry standard for maintaining a secure wireless network for personal and enterprise connectivity. What makes this newly released vulnerability different from recent security headlines is that the attack does not leverage unpatched software or one vendor's implementation of the technology. It exposes a flaw in the protocol specification (the standard) itself, which means every faithful implementation of the standard is likely vulnerable as well.
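The reason a protocol-level key reinstallation is so damaging is cryptographic rather than implementation-specific: WPA2 encrypts each frame with a keystream derived from the session key and a per-frame packet number (the nonce), and reinstalling a key resets that packet number, so later frames reuse keystream that has already been used. The example below is added here and is not code from the original article or from the KRACK researchers; it models a station's packet counter in pure Python and uses an HMAC-SHA256 counter-mode keystream as a stand-in for WPA2's real cipher (an assumption for the sake of a dependency-free demo, not AES-CCM), and the frames and session key are constructed.

```python
"""Keystream reuse after a key reinstallation, modelled in pure Python.

Added example, not from the original article. WPA2 encrypts each frame with a
keystream derived from the session key and a per-frame packet number (the
nonce); security depends on never reusing a (key, nonce) pair. A key
reinstallation resets the packet number to its initial value, so later frames
are encrypted under keystream that was already used. The keystream function
below is an HMAC-SHA256 counter-mode stand-in for WPA2's real cipher
(assumption: a simplified model, not AES-CCM)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Tuple


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Deterministic keystream for a (key, nonce) pair; identical inputs give identical output."""
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Station:
    """A client that tracks its transmit packet number the way an 802.11 station does."""
    key: bytes = b""
    pn: int = 0
    patched: bool = False

    def install_key(self, key: bytes) -> None:
        # Patched clients ignore a reinstallation of the key they already use.
        if self.patched and key == self.key:
            return
        # Installing a key resets the packet number; reinstalling an in-use key
        # therefore replays nonces, which is the protocol flaw.
        self.key = key
        self.pn = 0

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))


# Constructed sample frames: the first has guessable content, the second is secret.
FRAME1 = b"GET /index.html HTTP/1.1\r\n"
FRAME2 = b"Cookie: session=SECRET_TOKEN\r\n"
SESSION_KEY = b"\x11" * 16  # constructed pairwise key


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If c1 and c2 share keystream, c1 XOR c2 == p1 XOR p2, so knowing p1 yields p2's prefix."""
    return xor(xor(c1, c2), known_p1)


def demo(patched: bool) -> Dict[str, object]:
    station = Station(patched=patched)
    station.install_key(SESSION_KEY)          # normal handshake completes
    pn1, c1 = station.encrypt(FRAME1)
    station.install_key(SESSION_KEY)          # replayed handshake message triggers reinstallation
    pn2, c2 = station.encrypt(FRAME2)
    return {
        "pn1": pn1,
        "pn2": pn2,
        "recovered": recover_with_known_plaintext(c1, c2, FRAME1),
    }


if __name__ == "__main__":
    for patched in (False, True):
        r = demo(patched)
        print(f"patched={patched}: nonces {r['pn1']},{r['pn2']} -> {r['recovered']!r}")
```

With the unpatched station both frames go out under packet number 1, and an eavesdropper holding only the two ciphertexts and the guessable first frame reads the second frame's cookie. The patched station keeps its counter when the same key is offered again, the second frame gets a fresh nonce, and the same XOR trick yields noise. That is exactly why the fix is a change to how implementations handle the handshake rather than a new cipher.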
Late last week, Equifax, one of the largest credit reporting bureaus in the United States, disclosed that in July it experienced a massive data breach that could very well represent the largest compromise of significant personally identifiable information (PII) ever. As reported by the company, data on over 143 million people was compromised, and it included some of the most sensitive data that exists about individuals: names, addresses, birth dates, and Social Security numbers were captured, along with credit card numbers and other PII for a subset of the affected persons. Equifax disclosed that the compromised data included residents not only of the United States, but also of Canada and the UK.
DarkNet.org.uk reported earlier this week that information on 4 million Time Warner Cable customers had been exposed through an apparent misconfiguration of an Amazon S3 bucket. You may recall that in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by misconfigured S3 buckets. Forbes also reported that month that Dow Jones had suffered a similar misconfiguration, exposing data on 2 million customers. In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets; simple human error created the security gap that allowed the leak of sensitive data. And in each case the error was found by a third party who observed the issue and reported it to the company.
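"Proper configuration" in these cases comes down to two documents attached to a bucket: its ACL and its bucket policy. The following is an added example, not code from the original post or from the companies mentioned; it walks both documents and flags every grant that opens the bucket to the general public or to any AWS account holder. The dict and JSON shapes mirror what boto3's get_bucket_acl() and get_bucket_policy() return (the assumption is that the caller has already fetched them; no AWS calls are made), and the bucket name, account ID and canonical user ID in the samples are constructed.

```python
"""Flag public-access grants in an S3 bucket ACL and bucket policy.

Added example, not from the article. It inspects documents already in hand
(the dict shapes mirror what boto3's get_bucket_acl() and get_bucket_policy()
return; no AWS calls are made) and lists every grant that would let the
general public, or any AWS account, read the bucket."""
import json
from typing import Dict, List, Optional

# Predefined groups whose members are, respectively, everyone on the Internet and
# every AWS account holder. Either one on a bucket holding customer data is a leak.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_acl_grants(acl: Dict) -> List[str]:
    """Return one finding per ACL grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL: {grant.get('Permission')} granted to {group}")
    return findings


def _principal_is_public(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (including "*" inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json: str) -> List[str]:
    """Return one finding per Allow statement whose principal is anyone."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a policy may hold a single statement object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Condition"):
            # A Condition (e.g. on source VPC or IP) may narrow access; needs human review.
            findings.append(f"Policy {sid}: Allow {', '.join(actions)} to Principal * with Condition, review")
        else:
            findings.append(f"Policy {sid}: Allow {', '.join(actions)} to everyone")
    return findings


def audit_bucket(acl: Dict, policy_json: Optional[str]) -> List[str]:
    """Combine ACL and policy findings; an empty list means nothing public was found."""
    findings = public_acl_grants(acl)
    if policy_json:
        findings += public_policy_statements(policy_json)
    return findings


# Constructed samples. The leaky pair reproduces the misconfiguration pattern behind
# the leaks above; the safe pair keeps access to the owning account and one role.
OWNER = {"Type": "CanonicalUser", "ID": "exampleownercanonicalid"}
LEAKY_ACL = {"Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-customer-exports/*"}]})
SAFE_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
SAFE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ExportWriter", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-writer"},
    "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-customer-exports/*"}]})

if __name__ == "__main__":
    print("leaky:", audit_bucket(LEAKY_ACL, LEAKY_POLICY))
    print("safe: ", audit_bucket(SAFE_ACL, SAFE_POLICY))
```

Two details are worth noting. A READ grant to AllUsers on the bucket ACL lets anyone list the object keys, which is how these buckets tend to be discovered in the first place, and the AuthenticatedUsers group is treated as public because it means any AWS account in the world, not any account in your organization. Statements that combine Principal "*" with a Condition are reported for review rather than as definitively public, since the condition may legitimately restrict access.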
Multi-factor authentication is often pointed to as a great step toward increasing the security of account access. In addition to your password, “something you know,” you’ll also need access to your cell phone, “something you have.” For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen, verifying that along with having the correct password, you also have physical access to the cell phone associated with the account. However, problems arise if your cell phone, or the phone number itself, is compromised: a code delivered by SMS is only as secure as the carrier’s control over who receives messages for that number.
As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category. From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that gain value, significant in some cases and rather dubious in others, by connecting to other devices and networks.
Not too many years ago, Microsoft Corporation was viewed with some suspicion in the information security community for what was perceived to be a lackadaisical approach to patching its software and, in particular, its Windows operating systems. Fast-forward to today, and Microsoft is recognized almost universally as having one of the most effective and timely security patching programs in the industry. Of course, Microsoft isn’t the only OS vendor to ship known vulnerabilities; although Apple for many years boasted that its software “doesn’t have security holes”, the fact is that the venerable OS X operating system, while a very mature BSD-derived UNIX variant, still encounters periodic security issues which, to Apple’s credit, are addressed through frequent patch releases. Even Linux, which runs so much of the Internet’s infrastructure, periodically has major security issues discovered in its supporting software, including a major vulnerability disclosed just last week in systemd-resolved, the component of the systemd suite that provides name resolution services.
22 years ago, Irish actor Pierce Brosnan took his first turn as MI6’s perennial agent James Bond. In that particularly great outing, everyone’s favorite international spy took out a satellite weapon system known as GoldenEye, built around two satellites named Mischa and Petya. While the fictional GoldenEye satellites delivered an electromagnetic pulse that took out all electronics within a 30-mile radius, this week the world was hit with a real Petya: the “GoldenEye” strain of the Petya ransomware family, which spread using the same exploit that was at the root of last month’s massive WannaCry outbreak.