expert-profile | Information Security Buzz

Chris Grove

Product Evangelistfeature_status*/ ?>

Nozomi Networks

Comments Dotted : 7

June 08, 2021

Experts React: US Recovers Millions Paid To Colonial Pipeline Ransomware Hackers

There are dozens of victims we can also discuss who haven't fared as well.

The joint action and collaboration by the government and National Cyber Investigative Joint Task Force is exactly what defenders are asking for.

Defending against run-of-the-mill threats is affordable, and achievable. Some threats rise to a new level, and must be dealt with differently. While it's great that the government recovered some of the $4.4M paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier ending story, there are dozens of victims we can

The joint action and collaboration by the government and National Cyber Investigative Joint Task Force is exactly what defenders are asking for.

We need to keep our eye on the ball and continue to build our defenses, while using actions like those today, as a way to trim the weeds that grow too tall.

Read Less

June 04, 2021

Security Expert Re: FUJIFILM Ransomware Attack

Defenders need to be aware of this, and start thinking about consequence reduction activities, not only prevention.

In the wake of a steady flow of major Ransomware attacks taking down global brands, critical infrastructure and entire cities, it should be painfully obvious by now that no one is safe. Once targeted, the attackers will probably find a way in. So, lets continue to invest in preventing these attacks, but at the same time we need to accept the inevitable. They will get in some day. So, in addition to preventing attacks, we also need to invest in becoming more resilient to successful breaches.

In many cases, it’s the abundance of caution on the victim’s side that causes them to initiate their own shutdowns of operations, not the attack itself causing the shutdown. The ransomware probably never hit the parts of the network that were isolated, but a decision was made by the facility operators to limit the blast radius of the attack, or segment off sections of infrastructure to protect it. Those networks may be able to resist the attack, or may have been super-secure. But in the end, it doesn’t matter. The attackers were able to shut down and impact infrastructure outside of the scope of their attack. Defenders need to be aware of this, and start thinking about consequence reduction activities, not only prevention. Organizations that took this mindset prior to their own ransomware attack fare much better than those that didn’t.

Read Less

June 02, 2021

Experts React: On JBS Foods Hack Must Prompt Supply Chain Cyber Protection

Events like this serve to underscore the point about IT and OT converging.

Events like this serve to underscore the point about IT and OT converging. Not only does this create new connections between IT and OT that pose risk, more importantly, OT systems are increasingly dependent on IT systems to complete the process they are supposed to be doing. Whether it’s a technical dependency that can cause an outage, or an operational dependency causing a manual forced shut down, the line between IT and OT is as blurred as the airgap from yesteryear. Problems like this beg for solutions that address risk in OT, IT, IOT, and any other Technology used in the operational process. Companies with mature Cybersecurity programs are more resilient to successful hacks and attacks, have a clearer understanding of the blast radius, quicker and lower cost recovery, and easier incident reporting for regulatory or compliance activities.

Read Less

December 09, 2020

Expert Insight On Amnesia:33 Vulnerabilities Impact Millions Of Smart And Industrial Devices

These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices.

These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices. As more and more embedded devices are used in things like building management systems, cameras, routers, sensors, locks, lights, scanners, robots, motors, and hundreds of other devices, the problem will become more prevalent. There is no slowing down on the volume or variety of embedded devices being manufactured and deployed. For the most part, not much has changed at the manufacturer level; products are being developed as quick and as cheap as possible, released, and then forgotten about. Meanwhile, attackers take advantage of the vulnerabilities that remain undetected for up to 20 years before a public disclosure is made. Even after disclosure, the teams that developed the software and can patch it are probably long gone. Knowing that the root-cause of the problem (deploying vulnerable embedded and IoT systems) is growing at and exponential and alarming rate, it’s clear that the risks need to be accounted for and properly mitigated. In many cases, embedded and un-managed technology is difficult to identify, much less considering it part of a managed asset inventory. After the embedded systems are identified, the expected behaviours of those devices can be difficult to ascertain and manage. Furthermore, understanding how to mitigate the vulnerabilities after they’ve been identified is a another matter. In fact, sometimes it’s impossible to patch, leaving operators with the realisation that they have no choice but to assume the risks. This quandary serves to underscore one of the key drivers that drive customers to our space. Facility operators need an independent set of eyes and ears to monitor everything in their environment, while assuming it’s always infected, trusting nothing, and then placing a usable asset inventory combined with artificial intelligence, machine-learning, anomaly detection, auditing, vulnerability management, and cyber-attack detection into the hands of our community. This enables organisations with mature cybersecurity programmes to understand, and account for the risks associated with the constant flow of IoT and embedded systems vulnerabilities. In essence, organisations that spend budget on cybersecurity are already equipped to manage, or at least minimise the impact of these types of exposures. Those that didn’t invest in cybersecurity? Let’s just say….unfortunately, they will be some pretty busy folks through the holidays. Read Less

October 04, 2020

Expert Reacted On Multiple Critical Vulnerabilities In Two Popular Industrial Remote Access Software Solutions

Hardening the target is also an important part of reducing the impact of the discovered flaws.

The flaws recently discovered by security researchers underscore the importance of independently monitoring ICS systems. Products that provide remote access, VPN connectivity, firewalling, etc are prone to the same issues any technology faces, which is staying ahead of the attackers and being as cyber resilient as possible. However, sometimes there can be a window of opportunity for the attackers while systems get patched, and mitigations put into place. Furthermore, if there are combined tools, like remote access + monitoring, it’s a double whammy because operator may not know if attackers took advantage of the flaws before the systems were patched. Additionally, an even more common issue is misconfiguration of cybersecurity products, allowing attackers to bypass systems without taking advantage of flaws. In the case of an advanced persistent threat (APT), if the Secure Remote Access solution (SRA) or VPN is successfully preventing the attacker from gaining access, they will resort to other methods. In any case, it’s critical for operators to think in terms of being in a constant state of recovery, not to think that their walls are impenetrable. It’d not if they get hacked, it’s when. Once this mindset is embraced, it’s easy to see that ongoing monitoring, by an independent, 3rd party technology is key to maintaining visibility and control of ICS systems. Monitoring all the activities of the SRA solutions, the VPN tunnels, all of the industrial control system traffic, knowing what’s allowed to traverse which network zone, and combining it with anomaly detection, attack signature matching, and malware sandboxing, enabling facility operators to prevent or minimise the impact of a failure in those cybersecurity boundaries. Hardening the target is also an important part of reducing the impact of the discovered flaws, by developing a detailed asset inventory, complete with identifying vulnerabilities and the necessary mitigation plans for the ICS systems. But, in the very least, maintaining independence between the remote access technologies and the cybersecurity monitoring technologies is important, especially in the midst of discoveries such as these. Read Less

April 16, 2020

COMMENT: Privacy Experts Fear A Boom In Coronavirus Surveillance

There must be recourse, or due process, in assessing the data or conclusions made from the data.

The use of surveillance tools may seem like a huge privacy issue, yet there are a few guidelines that, if followed correctly, can help the world combat COVID-19. First, the intrusions into our privacy must have a direct positive impact on fighting the virus, and the intrusions must be proportionate to the benefit. Data collected has to be based on science, and must be the minimum amount of data required, and not have bias built into the collection model or methods. The data life cycle needs to be appropriately managed, allowing people to see the data collected, how it was collected, when it will be destroyed, and when data collection will end. There must be recourse, or due process, in assessing the data or conclusions made from the data. If someone is tagged or labelled, they should have a way to challenge that conclusion. And most importantly, there must be transparency. So, as long as the data is used appropriately, is temporary, is done with total transparency, and is managed properly, this can be a very good use of technology to control nature. In this fight, we need multiple tools at our disposal. Read Less

March 03, 2020

Experts Insight On Visser Data Breach (Supplier To Lockheed, Tesla, Boeing And SpaceX)

Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability.

Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate – that it can operate across IT, IoT and ICS environments - it’s critical you use a tool capable of working across the technology spectrum in order to effectively track attacks and the ransomware as it hops across heterogeneous environments. Read Less