Expert(s):
VPfeature_status*/ ?>
Cerberus Sentinel

Comments Dotted : 30
March 25, 2021

IoT Maker Sierra Wireless Suffers Ransomware Attack – Experts Reaction And Advice
It’s important that all organizations understand the cost of a ransomware attack.

Sierra Wireless claims that they don’t currently believe that any customer services or products have been affected, but given the recent SolarWinds based supply-chain compromise I urge both Sierra and their customers to closely review software and firmware to ensure that no malicious alterations have been introduced by the attackers.  Even if there is no reason to believe that such access would have been possible, the scale of devices Sierra Wireless manufactures warrant a thorough review to

.....Read More

Sierra Wireless claims that they don’t currently believe that any customer services or products have been affected, but given the recent SolarWinds based supply-chain compromise I urge both Sierra and their customers to closely review software and firmware to ensure that no malicious alterations have been introduced by the attackers.  Even if there is no reason to believe that such access would have been possible, the scale of devices Sierra Wireless manufactures warrant a thorough review to ensure the safety of their customers.

 

It’s important that all organizations understand the cost of a ransomware attack.  It’s not just the cost of investigation and restoration (which can be significant), but in many cases, it means that business operations halt altogether.  Sierra Wireless’s main website remains offline 3 days after first discovering the attack and they have self-reported the shutdown of their manufacturing lines. 

 

Another unspoken precursor often necessary for a successful mass-scale ransomware attack is that after gaining initial access, say by phishing an average employee, the cybercriminals are successful in escalating their network privileges and gaining enterprise-wide administrative access to the entire organization.  This means they have more or less complete control of all systems and data on the network and all of the potential risks of alteration, theft, and disclosure that level of access suggests.

  Read Less
February 19, 2021

Expert On Hundreds Of Thousands Immigration And COVID Records Exposed In Jamaica
Organizations must adopt a culture of security.

This breach continues to demonstrate that while you can outsource your security, you cannot outsource risk. It doesn’t matter if a third party is to blame for a security breach, the reality is that the data that your users have entrusted you with has been compromised. Organizations must adopt a culture of security that includes carefully vetting the processes and procedures of vendors and contractors who have access to sensitive data and systems.

February 17, 2021

Expert Reaction On SHAREit Recent Vulnerabilities
Worse, there is almost no way for the average user to verify the safety of the apps they use.

An alarming number of mobile apps are developed by novice coders or outsourced third parties with little to no forethought around security. Worse, there is almost no way for the average user to verify the safety of the apps they use. In general, large companies tend to have better security practices in app development and testing, but it’s unfortunately not a guarantee. Developers looking to ensure the security of their users should prefer to leverage functionality built into the mobile

.....Read More

An alarming number of mobile apps are developed by novice coders or outsourced third parties with little to no forethought around security. Worse, there is almost no way for the average user to verify the safety of the apps they use. In general, large companies tend to have better security practices in app development and testing, but it’s unfortunately not a guarantee. Developers looking to ensure the security of their users should prefer to leverage functionality built into the mobile platforms themselves, whether iOS or Android rather than build themselves if possible. Users should maintain a healthy scepticism of the security protections of mobile apps and be wary of what data they share through them, especially those from smaller developers’ absent evidence of security best practices followed or independent third-party evaluation.

  Read Less
February 10, 2021

Experts Reactions On Cyberpunk 2077 Studio Falls Victim to a Ransomware Attack
High profile organisations like CD Project Red are targets of disproportionate attacks.

High profile organisations like CD Project Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks. In this case, it does appear that CD Project Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative. It’s encouraging that they have reported that no customer

.....Read More

High profile organisations like CD Project Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks. In this case, it does appear that CD Project Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative. It’s encouraging that they have reported that no customer data was accessed during the breach, however, if the attackers were able to exfiltrate source code for the popular Cyberpunk 2077 and Witcher games it could lead to more targeted exploit development aimed at a widespread player base. The decision to refuse to pay the attacker’s ransom demand is the right one here. With intact backups, CDPR should be able make a complete recovery, and if game code were stolen, there is no way to verify that the cybercriminals would not try to sell it anyway.

  Read Less
December 22, 2020

Expert Commentary On Crypto Exchange EXMO Hacked
Cryptocurrency exchanges are attractive targets for cybercriminals for many reasons.

A best practice is not to store and hold large amounts of funds in hot wallets on exchanges but rather transfer to either a cold hardware wallet (that has appropriate recovery codes set and stored securely) or to a standard bank account as the case may be on completion of the exchange transaction. This seeks to reduce personal exposure and loss in case of an exchange compromise.

December 18, 2020

Experts Insight On People’s Energy Data Breach
There must be a fundamental change in mindset regarding information security for all organizations.
There must be a fundamental change in mindset regarding information security for all organizations. Risks from cyber-attack need to be taken with the same seriousness as risks from fire or flooding. The reality is that most security compromises are simple attacks of opportunity and every organization is a viable target for cyber criminals. The same way organizations invest in fire suppression and alarm systems they also must consider cyber security protection and monitoring as part of the.....Read More
There must be a fundamental change in mindset regarding information security for all organizations. Risks from cyber-attack need to be taken with the same seriousness as risks from fire or flooding. The reality is that most security compromises are simple attacks of opportunity and every organization is a viable target for cyber criminals. The same way organizations invest in fire suppression and alarm systems they also must consider cyber security protection and monitoring as part of the cost of doing business. It’s critical that this start with adopting a culture of security from executive management to individual line of business contributors.  Read Less
November 24, 2020

Hoard Of Spotify User Data Exposed By Hackers’ Careless Security Practices – Experts Reaction
Password managers do a great job at alleviating this problem.
It’s easy to blame users for poor password hygiene, but the reality is that it’s very difficult to choose a single strong password. Even harder is to do so for every online account they might have and then keep up with them all. Password managers do a great job at alleviating this problem, but the free ones built in to mobile devices or web browsers can present a problem for users if they need to log into an account from a different type of device, for example the built-in Apple Keychain.....Read More
It’s easy to blame users for poor password hygiene, but the reality is that it’s very difficult to choose a single strong password. Even harder is to do so for every online account they might have and then keep up with them all. Password managers do a great job at alleviating this problem, but the free ones built in to mobile devices or web browsers can present a problem for users if they need to log into an account from a different type of device, for example the built-in Apple Keychain password manager works great on iPhones or Mac computers but not on Microsoft Windows PCs. Third party password managers can solve this problem, but often require a subscription for use. There are a few that offer free tiers as well as open source options such as Bitwarden that offer good solutions.  Read Less
November 11, 2020

Experts On 5.8 Million RedDoorz User Records For Sale On Hacking Forum
The attackers have apparently stolen RedDoorz complete database.
The good news is that RedDoorz appears to have used a secure hashing algorithm, bcrypt, to secure user passwords in the stolen database. Secure hashing algorithms like bcrypt make it much harder for attackers to crack user passwords but they aren’t a silver bullet. Although it makes cracking passwords much slower, simple and short passwords can still be cracked relatively quickly. The attackers have apparently stolen RedDoorz complete database which suggests that the most likely attack.....Read More
The good news is that RedDoorz appears to have used a secure hashing algorithm, bcrypt, to secure user passwords in the stolen database. Secure hashing algorithms like bcrypt make it much harder for attackers to crack user passwords but they aren’t a silver bullet. Although it makes cracking passwords much slower, simple and short passwords can still be cracked relatively quickly. The attackers have apparently stolen RedDoorz complete database which suggests that the most likely attack methods were insecure configuration or storage of the database, or a web attack such as SQL injection. Insecure configuration or storage can often happen if developers who aren’t familiar with security best practices inadvertently expose databases, especially in cloud services. To protect themselves, organizations must adopt a culture of security to ensure that software development processes are tightly integrated with their security operations to encompass proper security protections are in place for not only the developer’s code, but also the underlying systems and applications that it runs on.  Read Less
November 05, 2020

Cyber Experts Comment On Bitdefender Report: The ‘New Normal’ State Of Cybersecurity
The mass migration to work from home hasn’t so much introduced new threats so much as it has redefined that default assumption.
For the past three decades or so, organizations have invested in centralized information security controls such as firewalls, IPS, and patching solutions that assume that the network population is safely inside the company’s perimeter. The mass migration to work from home hasn’t so much introduced new threats so much as it has redefined that default assumption, rendering the centralized controls built around it far less effective. Another area of weakness highlighted by the raft of recent .....Read More
For the past three decades or so, organizations have invested in centralized information security controls such as firewalls, IPS, and patching solutions that assume that the network population is safely inside the company’s perimeter. The mass migration to work from home hasn’t so much introduced new threats so much as it has redefined that default assumption, rendering the centralized controls built around it far less effective. Another area of weakness highlighted by the raft of recent VPN and other remote access product vulnerabilities is monolith patch culture. For many organizations, patching efforts are centered around Windows patches, with other third-party software and notably networking equipment only patched on an ad-hoc basis. This reliably leads to delays, confusion, and incomplete coverage for patching even serious security vulnerabilities in these systems.  Read Less
September 30, 2020

Insight into Universal Health Services cyberattack
Modern ransomware gangs are not unsophisticated “script-kiddies”.
This absolutely massive attack targeting UHS shows that even large national organisations can be taken down singlehandedly by ransomware gangs. Indeed, our offensive operations team often finds that the larger an organisation is, the easier it is to take complete control of their computer operations. Large organisation networks can quickly become exponentially complex as different teams and departments each deploy their own systems and applications, often without vetting by their internal.....Read More
This absolutely massive attack targeting UHS shows that even large national organisations can be taken down singlehandedly by ransomware gangs. Indeed, our offensive operations team often finds that the larger an organisation is, the easier it is to take complete control of their computer operations. Large organisation networks can quickly become exponentially complex as different teams and departments each deploy their own systems and applications, often without vetting by their internal security team. This gives attackers a huge attack surface to target. Very often it takes only a single misconfigured system or missing security patch to cause the whole organisation’s defenses to fall like a row of dominoes. Modern ransomware gangs are not unsophisticated “script-kiddies”, they are competent and well-funded hackers capable of capitalising on any mistake a victim makes, especially around monitoring and response to security alerts in the middle of the night. This circumstance is especially unfortunate in the disruption of a large healthcare provider. Without an in-depth, we may not be able to attribute patient deaths or other adverse outcomes to the ransomware attack, but as organisational healthcare operations become more reliant on technology it’s sadly inevitable patient care will suffer in adverse ways from cyber-attacks. The only way for organisations to protect themselves from these potentially catastrophic outcomes is to adopt a culture of security, starting with understanding and support from executive management. If there is no buy-in or budget provided from leadership, not even the most talented security engineers or best of breed products stand a chance against modern ransomware gangs. You must start with the assumption that the attackers will find a way to breach the network perimeter and gain internal network access. If your threat models and security testing don’t start with this assumption you don’t stand a chance of surviving an attack without significant monetary and operational cost. You need a holistic approach that starts with understanding and implementing information security best practices from personnel training to technical configurations. Just as important is regular penetration testing as well as 24/7 security monitoring and threat hunting capabilities to ensure that no security gaps exist and initial alerts of potential compromise are caught and shut down before significant damage occurs.  Read Less