Expert(s):
Principal Security Strategistfeature_status*/ ?>
Synopsys CyRC

Comments Dotted : 61
February 02, 2021

Experts Advise After Personal Data Of 1.4 Million Washington Exposed
Threat models seek to perform a forensic analysis before the incident occurs.
Compromises come in many forms where the attacker defines the rules of their attack. In this case, the nature of the data is particularly worrisome as it could be used in future crimes. While an offer of free credit report might help alleviate some of the fallout from the attack, that the information being transferred contained banking information in addition to employment details and social security numbers could allow for a highly targeted phishing attack. Washington residents should be
.....Read More
Compromises come in many forms where the attacker defines the rules of their attack. In this case, the nature of the data is particularly worrisome as it could be used in future crimes. While an offer of free credit report might help alleviate some of the fallout from the attack, that the information being transferred contained banking information in addition to employment details and social security numbers could allow for a highly targeted phishing attack. Washington residents should be particularly wary of anyone directly and proactively contacting them about an unemployment claim via email or phone. Given the nature of the stolen data, it becomes that much easier to trick someone into thinking such proactive outreach is legitimate.
 

From a cybersecurity perspective, this attack highlights that proper security isn’t simply a matter of protecting servers with firewalls and desktops with anti-malware. Attackers will find a weak link and if transferred data is in a consumable format, such as in plain text, then the damage from a compromise is that much greater. This is a perfect example of where threat models play a role. A forensic analysis will seek to determine key questions like who verified whether the file transfer service setup by Accellion was patched and who determined the file format used for the transfer? Threat models seek to perform a forensic analysis before the incident occurs in order to prevent the need for an incident response.

  Read Less
February 01, 2021

Florida Medicaid Website Hacked For 7 Years, Hundreds Of Thousands Affected
Health information is valuable to attackers for multiple reasons, and where errors in data could impact patient health.

Cybersecurity threats evolve over time, which means that data controllers need to be ever vigilant that their security measures meet not only the requirements of the current threat landscape but those in the foreseeable future. Unfortunately, the IBM Cost of a Data Breach report has shown us over many years that healthcare systems are the slowest to identify and contain a breach. This all despite the reality that health information is valuable to attackers for multiple reasons, and where

.....Read More

Cybersecurity threats evolve over time, which means that data controllers need to be ever vigilant that their security measures meet not only the requirements of the current threat landscape but those in the foreseeable future. Unfortunately, the IBM Cost of a Data Breach report has shown us over many years that healthcare systems are the slowest to identify and contain a breach. This all despite the reality that health information is valuable to attackers for multiple reasons, and where errors in data could impact patient health – a situation made all that more concerning when the patients are children.

This incident should serve as a wake-up call for any organisation, healthcare or otherwise, that is assuming that their provider is keeping pace with the current threat landscape. If you are in a regulated industry, and your provider can’t demonstrate they currently meet the audit requirements for your industry, then they may not be the provider for you. Similarly, if you’re not having regular discussions about cybersecurity with a provider that touches your data, or that of your customers, then that should be remedied as quickly as possible. Ultimately, you are responsible for the data collected and processed on your behalf.

  Read Less
January 08, 2021

Experts Reacted On Hackney Council Leaked Documents
At best there is a hope the attackers will do as they state and not release the data.

Whenever an organisation is in the position of dealing with a demand of ransom from a cyber-attack, the time for securing data has passed. At best there is a hope the attackers will do as they state and not release the data, but there is nothing to say that copies didn’t otherwise exist, and the attackers view the ransom as but one of a number of revenue streams associated with the data. While there is value in performing post-incident forensic analysis, the best analysis is performed prior

.....Read More

Whenever an organisation is in the position of dealing with a demand of ransom from a cyber-attack, the time for securing data has passed. At best there is a hope the attackers will do as they state and not release the data, but there is nothing to say that copies didn’t otherwise exist, and the attackers view the ransom as but one of a number of revenue streams associated with the data. While there is value in performing post-incident forensic analysis, the best analysis is performed prior to the incident. Such analysis should include an understanding of which data attributes are accessible to which employees, contractors or third-party services and what controls and protections are in place to limit the scope of damage should a compromise of any staff or external system occur. This forms a data supply chain analysis and is similar to the risk analysis organisations should be performing on their software supply chains. Ultimately, the goal of these efforts should be a comprehensive threat model that includes an understanding of what monitoring actions and alarms should be in place to detect attempts to circumvent cybersecurity measures. While this effort might not prevent a ransomware attack, it could limit the scope of damage within the organisation and increase the difficulty an attacker might have when attempting to access any data.

  Read Less
December 03, 2020

Experts Reaction On Dua Lipa And Other Spotify Artists’ Pages Hacked By Taylor Swift ‘Fan’
From a public perspective, without clarity around how the Spotify for Artists web site is related to the consumer Spotify site.
While the details of what weaknesses in Spotify’s security practices remain unknown, the attack highlights an important aspect of all cyber-attacks – the attackers define the rules of their attack. In this case, vandalism is an obvious component, but it could also be but one aspect of their ultimate goal. From a public perspective, without clarity around how the Spotify for Artists web site is related to the consumer Spotify site, I would recommend that all Spotify users take this.....Read More
While the details of what weaknesses in Spotify’s security practices remain unknown, the attack highlights an important aspect of all cyber-attacks – the attackers define the rules of their attack. In this case, vandalism is an obvious component, but it could also be but one aspect of their ultimate goal. From a public perspective, without clarity around how the Spotify for Artists web site is related to the consumer Spotify site, I would recommend that all Spotify users take this opportunity to reset their passwords and review which apps they’ve linked to the Spotify service. Businesses seeking to learn from this incident should ask themselves how quickly they would be able to identify if they had fallen victim to a similar defacement effort. If the answer isn’t affirming, then a review of audit and monitoring practices is in order, along with a review of incident response planning.  Read Less
December 02, 2020

Expert Reaction On Half Of All Docker Hub Images Have At Least One Critical Vulnerability
Container images are a combination of an application.
Container images are a combination of an application with operating system elements and supporting frameworks. Development teams creating distributed systems following a microservice or cloud native philosophy will select third-party container images to perform one of two functions. Either the container image is used “as is” to provide a shared service, such as with a database, or will be embedded as a base image to create a new container image. In both situations, the design and security.....Read More
Container images are a combination of an application with operating system elements and supporting frameworks. Development teams creating distributed systems following a microservice or cloud native philosophy will select third-party container images to perform one of two functions. Either the container image is used “as is” to provide a shared service, such as with a database, or will be embedded as a base image to create a new container image. In both situations, the design and security practices of the team creating the original container image have a direct impact on the security of the resultant system. Put another way, do you trust that a third-party development team has followed security practices that are at least as stringent as those you expect your own team to follow? This is critical given that production operating systems should be hardened and have a minimal attack surface, and that container images typically have operating system components in them. When selecting an image from Docker Hub, a development team is implicitly stating that they trust the security practices of the author of that container image. Such implicit trust is risky from a security perspective, which is why many organisations are now creating hardened container images where the image hardening process is managed by a dedicated team skilled in operating system hardening which is separate from the core development team. These hardened images are then pushed to an internal registry and policies are defined that only allow images originating from hardened images in that internal registry to execute in a production cluster.  Read Less
December 01, 2020

Experts Insight On Baltimore County Public Schools Fall Victim To A Ransomware Attack
£5 to £10 quid per month in reward points for an app.
Over the years I’ve often been asked about consumers having a marketplace to sell or minimally manage their personal data with a core question of how much consumers might charge. Now we have it – £5 to £10 quid per month in reward points for an app to monitor all internet usage while also having an excess in app permissions allowing the app to listen to background conversations. For some this might be appealing, but it should clearly demonstrate to everyone that personal data is valuable .....Read More
Over the years I’ve often been asked about consumers having a marketplace to sell or minimally manage their personal data with a core question of how much consumers might charge. Now we have it – £5 to £10 quid per month in reward points for an app to monitor all internet usage while also having an excess in app permissions allowing the app to listen to background conversations. For some this might be appealing, but it should clearly demonstrate to everyone that personal data is valuable to app authors. After all, the £5-£10 quid per month has to be coming from somewhere, and all the user has done is provide internet access data.  Read Less
November 23, 2020

Experts Reaction On Verizon Cyber-Espionage Report
The starting point in such a defence is a comprehensive inventory of all software.
If your business were a target of a well-funded malicious group, how would you know? For most victims, the initial exploited weakness was likely an opportunistic one, even when the damage done was significant. Victims of cyber espionage find themselves subject to a strategic set of actions. As highlighted in the report, cyber espionage teams are often well-funded and highly skilled. This combination allows them to infiltrate a business quickly and leave few traces behind which in turn increases .....Read More
If your business were a target of a well-funded malicious group, how would you know? For most victims, the initial exploited weakness was likely an opportunistic one, even when the damage done was significant. Victims of cyber espionage find themselves subject to a strategic set of actions. As highlighted in the report, cyber espionage teams are often well-funded and highly skilled. This combination allows them to infiltrate a business quickly and leave few traces behind which in turn increases the potential for ongoing damage. While their motivations might be financial, the rules they follow in their attacks will be unique to each team – even an outcome such as a ransomware demand might occur. Defending against such an attack requires businesses to identify what assets they possess and how those assets might be valuable to an attacker – be that as a stepping stone along the attack path or as a saleable commodity. The starting point in such a defence is a comprehensive inventory of all software, how it’s configured, its role within the organisation, how it’s connected to other software powering the business and what data it has access to. From there a data model can be created that maps users to data and systems in a manner that allows for audit rules to be defined. Once audit rules are in place, monitoring can begin which then feeds into monitoring for unexpected access. While this process can be daunting, it should be considered a work in progress which supports good business hygiene such as patch management, disaster recovery planning and compliance with data privacy regulations.  Read Less
October 28, 2020

Expert Reacted On Isentia Breach And Its Impact On Government Departments
The underlying threat models should take into account how an attacker might use the data they collect.
Ransomware attacks are on the rise, and for the attackers, it’s likely comforting to learn that per IDC’s ANZ Ransomware Survey almost 1/3 of ANZ organisations hit by ransomware in the past two years paid the ransom. Unfortunately, when payment occurs, those monies are then available to create yet more innovative attacks, and potentially fund other criminal activity – a situation highlighted by the US Department of the Treasury’s Office of Foreign Assets Control in an advisory last.....Read More
Ransomware attacks are on the rise, and for the attackers, it’s likely comforting to learn that per IDC’s ANZ Ransomware Survey almost 1/3 of ANZ organisations hit by ransomware in the past two years paid the ransom. Unfortunately, when payment occurs, those monies are then available to create yet more innovative attacks, and potentially fund other criminal activity – a situation highlighted by the US Department of the Treasury’s Office of Foreign Assets Control in an advisory last week. For businesses seeking to restore operations quickly, payment of the ransom may seem like an acceptable solution. Unfortunately, as the Toll Group found earlier this year, implementing IT improvements following one attack doesn’t preclude another successful attack. Defending against any type of malware requires a comprehensive plan that looks at human factors in addition to technologies. Importantly, the underlying threat models should take into account how an attacker might use the data they collect. In the case of Isentia, customers should look to change any credentials they’ve provided on the Isentia platform as well as to revoke any access tokens to media platforms Isentia was monitoring for them. Doing so could limit ongoing damage if Isentia's customer data was exfiltrated during the attack.  Read Less
October 04, 2020

Comment: 73% Of Security Professionals And Developers Sacrifice Security For Speed
To realise the potential of this paradigm, security leaders need to embed the knowledge within the development flow.
Prioritisation of feature development relative to security has long been a challenge, but it’s not without a solution. In a DevSecOps world, empowering development teams can result in higher quality code with fewer security defects. To realise the potential of this paradigm, security leaders need to embed the knowledge within the development flow and not simply bolt it on at the end of the development process. By embedding this knowledge within the development flow, security knowledge created .....Read More
Prioritisation of feature development relative to security has long been a challenge, but it’s not without a solution. In a DevSecOps world, empowering development teams can result in higher quality code with fewer security defects. To realise the potential of this paradigm, security leaders need to embed the knowledge within the development flow and not simply bolt it on at the end of the development process. By embedding this knowledge within the development flow, security knowledge created by one team can be shared by others within the overall software development lifecycle (SDLC). For example, if an Ops team is aware of security weaknesses present in the code they run, but which Dev teams have triaged for future resolution, the Ops teams are then able to compensate for any weaknesses. By focusing on the information flow and not the tooling, organisations can increase tool usage by raising the awareness of the types of findings uncovered by specific security techniques which then in turn increases the overall security competency within development teams as they process this security information. When armed with low friction activities like creating threat models and security team participation in scrums, an organisation’s security maturity can increase quickly by making everyone part of the solution. An effective template for this process can be found in recent ESG research on modern application development security.  Read Less
October 04, 2020

Security Expert On Amazon One – Palm Scanner Launched For ‘Secure’ Payments
Biometric based user identification is nothing new.
Biometric based user identification is nothing new. In recent years programs like CLEAR in the US incorporate biometrics to identify airline passengers and programs like Global Entry offer the similar functionality for US passport control. Extending this capability to payment systems is a logical step, but one where participation should be voluntary. Malicious groups know that health and biometric data isn’t easily replaced making it a prime target for any attack. This means that any.....Read More
Biometric based user identification is nothing new. In recent years programs like CLEAR in the US incorporate biometrics to identify airline passengers and programs like Global Entry offer the similar functionality for US passport control. Extending this capability to payment systems is a logical step, but one where participation should be voluntary. Malicious groups know that health and biometric data isn’t easily replaced making it a prime target for any attack. This means that any biometric-based payment system needs to address the question of data compromise within its design and ensure that software designs are kept current with the threat prevailing landscape. After all, as software designs age, implementation decisions that were once thought “best practice” can show their age and become exploitable.  Read Less